Solved

IDS Attacks response

Posted on 2004-09-01
9
248 Views
Last Modified: 2010-04-09
Hi

I have an IDS configured in the network, im using the IEV monitor and im able to see the attacks by their Ip address,
by i want to know the action that has been taken to prevent this attacks?

Thanks


0
Comment
Question by:ibmas4002
  • 4
  • 3
  • 2
9 Comments
 
LVL 18

Expert Comment

by:liddler
ID: 11953479
IF you have a router with acls (Access Control Lists) or a firewall you can block the specific IP addresses.  You can also use ripe to find out the abuse address for their netblock and report their abuse, and get them dropped by their ISP.
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11955573
Thanks Liddler

I have event viwer installed, also i configured the blocking device. but the signatures its showing nothing in the actions.

so do i need to configure manually to take the actions??

thanks
0
 
LVL 18

Expert Comment

by:liddler
ID: 11955951
Sorry I don't know IEV, you'll have to look at the cisco? docs
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11956180
Configure the network IDS with an active port that it can send TCP RST packets to and/or actively modify the upstream router ACL.
Alternatively, buy an inline IPS - Intrusion Prevention System, which will do all this for you...
0
Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

 
LVL 2

Author Comment

by:ibmas4002
ID: 11957489
Hi  tim_holman

can you explain how to configure the IDS for TCP RST flag.

Thanks
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11957658
What's the exact make and model of your NIDS, and what do you use to manage it  ?
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11960132
i have 4215 and its connected to the external switch.
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 250 total points
ID: 11961693
Does the external switch support ACLs ?
The way you'd normally set these up would be:

Internet
|
Router
|
IDS
|
Internal network

..and if the IDS detects anything odd then configure it to modify the router's ACL.

It cannot directly prevent attacks, although it can send RST packets to the originator to reset the session, but then why bother communicating back to the source - just block it with the ACL.

Instructions using IDSM are here:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c83.html

Look under Configuring Blocking:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c83.html#32394
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11994870
Thanks  tim_holman

its useful
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This video discusses moving either the default database or any database to a new volume.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now