Solved

IDS Attacks response

Posted on 2004-09-01
9
252 Views
Last Modified: 2010-04-09
Hi

I have an IDS configured in the network, im using the IEV monitor and im able to see the attacks by their Ip address,
by i want to know the action that has been taken to prevent this attacks?

Thanks


0
Comment
Question by:ibmas4002
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 18

Expert Comment

by:liddler
ID: 11953479
IF you have a router with acls (Access Control Lists) or a firewall you can block the specific IP addresses.  You can also use ripe to find out the abuse address for their netblock and report their abuse, and get them dropped by their ISP.
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11955573
Thanks Liddler

I have event viwer installed, also i configured the blocking device. but the signatures its showing nothing in the actions.

so do i need to configure manually to take the actions??

thanks
0
 
LVL 18

Expert Comment

by:liddler
ID: 11955951
Sorry I don't know IEV, you'll have to look at the cisco? docs
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 23

Expert Comment

by:Tim Holman
ID: 11956180
Configure the network IDS with an active port that it can send TCP RST packets to and/or actively modify the upstream router ACL.
Alternatively, buy an inline IPS - Intrusion Prevention System, which will do all this for you...
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11957489
Hi  tim_holman

can you explain how to configure the IDS for TCP RST flag.

Thanks
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11957658
What's the exact make and model of your NIDS, and what do you use to manage it  ?
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11960132
i have 4215 and its connected to the external switch.
0
 
LVL 23

Accepted Solution

by:
Tim Holman earned 250 total points
ID: 11961693
Does the external switch support ACLs ?
The way you'd normally set these up would be:

Internet
|
Router
|
IDS
|
Internal network

..and if the IDS detects anything odd then configure it to modify the router's ACL.

It cannot directly prevent attacks, although it can send RST packets to the originator to reset the session, but then why bother communicating back to the source - just block it with the ACL.

Instructions using IDSM are here:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c83.html

Look under Configuring Blocking:

http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_installation_and_configuration_guide_chapter09186a00801a0c83.html#32394
0
 
LVL 2

Author Comment

by:ibmas4002
ID: 11994870
Thanks  tim_holman

its useful
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question