That's why you always put your own IP as well as the CSPM server on the do not shun list...
That's a good point, but that scenario is exactly why they added the do not shun list. Well that and the person who puts a custom signature denying telneting and locks themselves out :)

Thanks
Larry

-----Original Message-----
From: Steven A. Ridder [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 15, 2002 10:07 AM
To: [EMAIL PROTECTED]
Subject: Re: IDS Questions [7:46639]

I wouldn't use shunning only because a hacker can spoof an address, and you shun it, such as a web server, or IDS console, etc.

"Hamid" wrote in message news:[EMAIL PROTECTED]...
> Maybe a silly question, Can anyone tell me what shunning is?
>
> "John Kaberna" wrote in message news:[EMAIL PROTECTED]...
> > I don't see why you'd get flamed for that except maybe from a die-hard Cisco employee and even then I doubt it. I prefer Snort a lot more than Cisco's IDS because of price and I do prefer the fact that you have nearly an entire industry of security people that work on Snort. There are very few seasoned security people that don't have a fair amount of experience with Snort. There are few shops out there that rely solely on Cisco IDS. If I had the choice though, I would probably run them both. It wouldn't hurt and it sure would make you feel good to catch an alarm on one IDS that was missed by the other.
> >
> > "Peter Walker" wrote in message news:[EMAIL PROTECTED]...
> > > I hope I don't get flamed for this....
> > >
> > > ... but I would like to ask a similar but different question.
> > >
> > > What reason is there to choose Cisco IDS over Snort? I just don't see Cisco IDS as having much in the way of advantages over Snort other than a Cisco label and a high price tag (and yes both of those can be perceived as advantages)
> > >
> > > Of all of the Cisco kit I have worked with the IDS system is the only one I can't see myself recommending to someone.
> > >
> > > Peter Walker
> > >
> > > --On Friday, June 14, 2002 7:13 PM -0400 Ken Diliberto wrote:
> > >
> > > > Brian,
> > > >
> > > > We can both justify and afford a commercial IDS but choose Snort. What do you see as drawbacks to Snort?
> > > >
> > > > >>> "Brian Zeitz" 06/14/02 03:02PM >>>
> > > >
> > > > So the most people who want IDS who cannot afford / justify (just yet) an IDS box are using Snort? I have a pix 515UR, and if I read correctly, it has the capabilities to interface to an IDS box, but it is not an IDS box itself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46688&t=46639
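
The do-not-shun list discussed in this thread, sketched as an added example (it is not code from any poster or from Cisco's products): a shun decision that never blocks protected addresses and refuses to shun a source that could be trivially spoofed. The addresses, the alert fields and the `transport` flag are constructed assumptions, and the handshake check goes beyond what the thread itself describes.

```python
import ipaddress

# Constructed never-shun list (documentation address ranges, not real hosts).
NEVER_SHUN = [ipaddress.ip_network(n) for n in (
    "192.0.2.10/32",    # administrator's own workstation
    "192.0.2.20/32",    # IDS management server / console
    "198.51.100.0/28",  # public web servers
)]

def shun_decision(alert, never_shun=NEVER_SHUN, max_minutes=30):
    """Return (action, reason) for one alert dict.

    Hypothetical alert fields: 'src' (source IP), 'sig' (signature name),
    'transport' ('tcp-established', 'tcp-syn', 'udp', 'icmp').
    """
    try:
        src = ipaddress.ip_address(alert["src"])
    except (KeyError, ValueError):
        return ("alert-only", "unparseable source address")
    # A forged packet "from" a protected host must never trigger a block.
    for net in never_shun:
        if src in net:
            return ("alert-only", f"{src} is on the never-shun list ({net})")
    # Without a completed TCP handshake the source address proves nothing.
    if alert.get("transport") != "tcp-established":
        return ("alert-only", "source not confirmed by a handshake; may be spoofed")
    # Time-limit the block so a mistake expires on its own.
    return (f"shun {src} for {max_minutes} min", "verified, unprotected source")

def triage(alerts):
    """Apply shun_decision to each alert and return only the actions."""
    return [shun_decision(a)[0] for a in alerts]

# Constructed sample alerts.
SAMPLE_ALERTS = [
    {"src": "192.0.2.20", "sig": "udp-flood", "transport": "udp"},
    {"src": "203.0.113.7", "sig": "udp-flood", "transport": "udp"},
    {"src": "203.0.113.7", "sig": "web-attack", "transport": "tcp-established"},
    {"src": "198.51.100.5", "sig": "web-attack", "transport": "tcp-established"},
]

if __name__ == "__main__":
    for alert in SAMPLE_ALERTS:
        print(alert["src"], alert["sig"], "->", *shun_decision(alert))
```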