[nsp] IDS shunning

From: Hank Nussbacher (hank@att.net.il)
Date: Wed Mar 20 2002 - 04:51:42 EST

Cisco has a feature in IDS called shunning:

If I understand correctly, shunning is basically setting up an ACL on the
adjacent router to block the bad traffic. The IDS box doesn't telnet into
the Cisco router every time it needs to make a change. The IDS box sets up a
permanent telnet session that doesn't time out and sits logged in to the
router 24x7! Then it automatically sets up the ACL.

Does anyone actually do this?!

