[nsp] IDS shunning

From: Hank Nussbacher (hank@att.net.il)
Date: Wed Mar 20 2002 - 04:51:42 EST


Cisco has a feature in IDS called shunning:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids1/csidsug/configur.htm
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids5/csidscog/nrconfig.htm#xtocid1298518

If I understand correctly, shunning is basically setting up an ACL on the
adjacent router to block the bad traffic. The IDS box doesn't telnet into
the Cisco router every time it needs to make a change. The IDS box sets up a
permanent telnet session that doesn't time out and sits logged in to the
router 24x7! Then it automatically sets up the ACL.

Does anyone actually do this?!

Thanks,
Hank
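As an added illustration of the mechanism Hank describes (this is example code, not Cisco's IDS code and not part of the original post), the following models an IDS "shun" manager that reacts to an event by adding a deny entry to the ACL it pushes to the adjacent router, with the two safeguards a defender would want around an automated block: a never-shun list so the IDS cannot lock out management hosts, DNS or upstream peers, and an expiry so a block does not live forever. The ACL lines use standard IOS numbered extended-ACL syntax; the ACL number, network values and timestamps are constructed, and how the real Cisco IDS formatted its shun ACLs is not stated in the post and is not claimed here.

```python
"""Simulated IDS shun manager (added example, not Cisco's code).

Models: event -> add host to deny list -> render the ACL the IDS would push
to the adjacent router. Adds a never-shun list and per-entry expiry, the two
controls most often missing from automated blocking.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

ACL_NUMBER = 199  # constructed; any number in the IOS extended-ACL range works


@dataclass
class ShunManager:
    never_shun: set[str]                      # networks that must never be blocked
    default_ttl: int = 900                    # seconds a shun stays in place
    active: dict[str, int] = field(default_factory=dict)  # ip -> expiry time

    def shun(self, ip: str, now: int, ttl: int | None = None) -> bool:
        """Add ip to the block list. Returns False if ip is protected."""
        addr = ipaddress.ip_address(ip)
        for net in self.never_shun:
            if addr in ipaddress.ip_network(net):
                return False                  # refuse to shun infrastructure
        self.active[ip] = now + (ttl if ttl is not None else self.default_ttl)
        return True

    def expire(self, now: int) -> list[str]:
        """Drop entries whose TTL has passed; returns the hosts released."""
        gone = [ip for ip, exp in self.active.items() if exp <= now]
        for ip in gone:
            del self.active[ip]
        return gone

    def render_acl(self) -> list[str]:
        """IOS lines that replace the shun ACL with the current block list."""
        lines = [f"no access-list {ACL_NUMBER}"]
        # IPv4 only here; sorting by address keeps the rendered ACL stable
        for ip in sorted(self.active, key=ipaddress.ip_address):
            lines.append(f"access-list {ACL_NUMBER} deny ip host {ip} any")
        lines.append(f"access-list {ACL_NUMBER} permit ip any any")
        return lines


if __name__ == "__main__":
    # Constructed scenario: management net is protected, two alerts fire.
    m = ShunManager(never_shun={"10.0.0.0/8"})
    print(m.shun("192.0.2.10", now=1000))             # True
    print(m.shun("10.1.1.1", now=1000))               # False, protected
    print(m.shun("198.51.100.7", now=1000, ttl=60))   # True
    print("\n".join(m.render_acl()))
    print(m.expire(now=1061))                         # ['198.51.100.7']
```

One design point worth noting: rebuilding a numbered ACL with `no access-list` followed by the new entries briefly leaves the interface without that ACL, and IOS passes all traffic through a reference to a nonexistent ACL during that window. A named extended ACL (`ip access-list extended NAME`) lets individual `deny` entries be added and removed without tearing the list down, which is the safer shape for anything driven automatically from a permanently logged-in session.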



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:08 EDT