RE: Cisco IDS

From: Semerjian, Ohanes (Semerjian.Ohanes@wcom.com.au)
Date: 02/14/02


From: "Semerjian, Ohanes" <Semerjian.Ohanes@wcom.com.au>
To: 'simon chan' <simon@redsentry.net>, 'Mario Audet' <audetmario@hotmail.com>, focus-ids@securityfocus.com
Date: Thu, 14 Feb 2002 14:11:34 +0800

Simon,

Shunning is a feature of the Netranger sensor that automatically logs into the
configured routers and places dynamic ACLs when packets match a certain
signature (you can configure which signature). This will result in blocking
the source of the packets.

These dynamic ACLs will remain for a certain time period that you can configure,
say for example one hour, after which the ACL will be removed by the
sensor that is managing that router. If the attack is still in progress, the
sensor will place these ACLs again.

Just be careful when using this feature to select only the signatures that you
really want blocked when they hit your router; otherwise you may block
necessary legitimate traffic for your corporation.

Best Regards

Ohanes Semerjian

-----Original Message-----
From: simon chan [mailto:simon@redsentry.net]
Sent: Thursday, 14 February 2002 16:47
To: Semerjian, Ohanes; 'Mario Audet'; focus-ids@securityfocus.com
Subject: Re: Cisco IDS

Hi Ohanes,

I've heard of the term shunning from an ex-colleague before
but couldn't understand it. Would appreciate it if we could hear
your opinion on this.

Thanks.

Best Rgds,

Simon

On Tue, 12 Feb 2002 06:41:20 +0800
 "Semerjian, Ohanes" <Semerjian.Ohanes@wcom.com.au> wrote:
> Netranger provides the shunning feature only for Cisco
> routers.
>
> Best Regards
>
> Ohanes Semerjian
> -----Original Message-----
> From: Mario Audet [mailto:audetmario@hotmail.com]
> Sent: Tuesday, 12 February 2002 8:20
> To: focus-ids@securityfocus.com
> Subject: Cisco IDS
>
> Hi all,
>
> Do you know if Cisco IDS 4230 can work with Check Point Firewall-1? I want
> to know if this appliance can modify a route in the firewall to block a
> communication.
>
> I think that ISS Network Sensor can do it with Check Point and Nokia
> firewalls.
>
> Thanks,
>
> Mario

"Fanaticism consists in redoubling your efforts when you
have forgotten your
aim."
-George Santayana, Philosopher
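
The timed-block behaviour described in the first message of this thread, as an added sketch that is not part of the original posts and is not Cisco's code. The signature IDs, addresses and event timeline are constructed, and the model assumes the sensor sits behind the router so blocked packets never reach it.

```python
# Added illustration: a toy model of timed shunning, not Cisco's implementation.
# Signature IDs, addresses and the event list are constructed sample values.
# Assumption: the sensor sits behind the router, so shunned packets are not seen.

def replay(events, shun_signatures, timeout=3600):
    """Replay (time, src, sig_id) events and return the ACL actions taken."""
    blocks = {}    # source address -> time at which its dynamic ACL expires
    actions = []
    for now, src, sig_id in sorted(events):
        # The sensor removes ACL entries whose configured period has elapsed.
        for blocked, expiry in sorted(blocks.items()):
            if now >= expiry:
                del blocks[blocked]
                actions.append((expiry, "remove", blocked))
        if src in blocks:
            actions.append((now, "dropped", src))     # router ACL discards it
        elif sig_id in shun_signatures:
            blocks[src] = now + timeout               # sensor places a dynamic ACL
            actions.append((now, "shun", src))
        else:
            actions.append((now, "alarm-only", src))  # logged, never blocked
    return actions


ATTACKER, PARTNER = "203.0.113.5", "198.51.100.7"   # documentation addresses
EVENTS = [
    (0, ATTACKER, 3001),     # attack signature fires
    (100, PARTNER, 2000),    # noisy signature fires on legitimate traffic
    (600, ATTACKER, 3001),   # attacker retries while the ACL is in place
    (3700, ATTACKER, 3001),  # attack still in progress after the hour is up
]

if __name__ == "__main__":
    print("Only the attack signature selected for shunning:")
    for action in replay(EVENTS, {3001}):
        print("  ", action)
    print("Noisy signature selected as well:")
    for action in replay(EVENTS, {3001, 2000}):
        print("  ", action)
```

With only signature 3001 selected, the attacker is blocked, unblocked after an hour and blocked again, while the partner host only raises an alarm. Selecting the noisy signature 2000 as well blocks the partner host, which is the caution raised in the message.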