Re: IDS Questions [7:46639]

2002-06-15 Thread Hamid
Maybe a silly question, Can anyone tell me what shunning is? John Kaberna wrote in message news:[EMAIL PROTECTED]... I don't see why you'd get flamed for that except maybe from a die-hard Cisco employee and even then I doubt it. I prefer Snort a lot more than Cisco's IDS

Re: IDS Questions [7:46639]

2002-06-15 Thread Ben Woltz
Shunning refers to the functionality of the IDS sensor to dynamically create an ACL that denies the attacker access and apply it to a specific interface. For example, you would have it set up so that when the sensor sees an attack from 65.65.65.65 it would create an ACL denying 65.65.65.65 access

Re: IDS Questions [7:46639]

2002-06-15 Thread Steven A. Ridder
I wouldn't use shunning only because a hacker can spoof an address, and you shun it, such as a web server, or IDS console, etc. Hamid wrote in message news:[EMAIL PROTECTED]... Maybe a silly question, Can anyone tell me what shunning is? John Kaberna wrote in message

RE: IDS Questions [7:46639]

2002-06-15 Thread [EMAIL PROTECTED]
AM To: [EMAIL PROTECTED] Subject: Re: IDS Questions [7:46639] I wouldn't use shunning only because a hacker can spoof an address, and you shun it, such as a web server, or IDS console, etc. Hamid wrote in message news:[EMAIL PROTECTED]... Maybe a silly question, Ca

RE: IDS Questions [7:46639]

2002-06-15 Thread Roberts, Larry
-Original Message- From: Steven A. Ridder [mailto:[EMAIL PROTECTED]] Sent: Saturday, June 15, 2002 10:07 AM To: [EMAIL PROTECTED] Subject: Re: IDS Questions [7:46639] I wouldn't use shunning only because a hacker can spoof an address, and you shun it, such as a web server, or IDS console

Re: IDS Questions [7:46639]

2002-06-15 Thread itsme
One thing the Cisco IDS has, and why we went with it is because of the host sensors, and the ability to correlate all the hosts data with the network data. Although we haven't purchased the hosts as of yet, we know it's viable. -TV Brian Zeitz wrote in message news:[EMAIL

IDS Questions [7:46639]

2002-06-14 Thread Brian Zeitz
I read that the 2600 router (or definitely higher model routers) have IDS built in, but if you bought any Pix Firewall it wouldn't have IDS. Am I mistaken on this? So the most people who want IDS who cannot afford / justify (just yet) an IDS box are using Snort? I have a pix 515UR, and if I read

Re: IDS Questions [7:46639]

2002-06-14 Thread John Kaberna
PIX's and routers capable of running IDS run a very limited version of IDS. I believe they only catch 59 signatures which isn't very much. It's not bad for a small company that has a PIX that would like to start down the path of having a true IDS some day. I'm not sure what you mean about Snort

Re: IDS Questions [7:46639]

2002-06-14 Thread John Kaberna
I stand corrected on the shunning part (thanks Glenn). You can use shun with 6.1, but I am not sure about the details for allowing this to happen dynamically using CSPM. I hesitate to ever implement dynamic shunning as a savvy attacker can use that to shun valid sources as a form of DoS. John

Re: IDS Questions [7:46639]

2002-06-14 Thread Ken Diliberto
Brian, We can both justify and afford a commercial IDS but choose Snort. What do you see as drawbacks to Snort? Do you have a connection to the Internet? If so, what makes you think you don't need an IDS? Get Snort up and running. You might be surprised. We're running Snort on a Sun 220R. I

Re: IDS Questions [7:46639]

2002-06-14 Thread Peter Walker
I hope I don't get flamed for this ... but I would like to ask a similar but different question. What reason is there to choose Cisco IDS over Snort? I just don't see Cisco IDS as having much in the way of advantages over Snort other than a Cisco label and a high price tag (and yes both of

Re: IDS Questions [7:46639]

2002-06-14 Thread John Kaberna
I don't see why you'd get flamed for that except maybe from a die-hard Cisco employee and even then I doubt it. I prefer Snort a lot more than Cisco's IDS because of price and I do prefer the fact that you have nearly an entire industry of security people that work on Snort. There are very few