Cisco IDS allows you to choose which signatures you shun on. Usually IP spoofing is involved with the packet signatures, where it doesn't matter that the response doesn't reach the attacker. Shunning is used on the more interactive attacks. Also, Cisco IDS allows you to exclude certain addresses from shunning, or to override certain address/signature combinations. For some attacks, a shunning IDS will stop it dead in its tracks.

Bob Irides

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steven A. Ridder
Sent: Saturday, June 15, 2002 11:07 AM
To: [EMAIL PROTECTED]
Subject: Re: IDS Questions [7:46639]

I wouldn't use shunning only because a hacker can spoof an address, and you shun it, such as a web server, or IDS console, etc.

"Hamid" wrote in message news:[EMAIL PROTECTED]...
> Maybe a silly question, can anyone tell me what shunning is?
>
>
> "John Kaberna" wrote in message news:[EMAIL PROTECTED]...
> > I don't see why you'd get flamed for that except maybe from a die-hard Cisco
> > employee and even then I doubt it. I prefer Snort a lot more than Cisco's
> > IDS because of price and I do prefer the fact that you have nearly an entire
> > industry of security people that work on Snort. There are very few seasoned
> > security people that don't have a fair amount of experience with Snort.
> > There are few shops out there that rely solely on Cisco IDS. If I had the
> > choice though, I would probably run them both. It wouldn't hurt and it sure
> > would make you feel good to catch an alarm on one IDS that was missed by the
> > other.
> >
> >
> > "Peter Walker" wrote in message news:[EMAIL PROTECTED]...
> > > I hope I don't get flamed for this....
> > >
> > > ... but I would like to ask a similar but different question.
> > >
> > > What reason is there to choose Cisco IDS over Snort? I just don't see Cisco
> > > IDS as having much in the way of advantages over Snort other than a Cisco
> > > label and a high price tag (and yes, both of those can be perceived as
> > > advantages).
> > >
> > > Of all of the Cisco kit I have worked with, the IDS system is the only one I
> > > can't see myself recommending to someone.
> > >
> > > Peter Walker
> > >
> > > --On Friday, June 14, 2002 7:13 PM -0400 Ken Diliberto wrote:
> > >
> > > > Brian,
> > > >
> > > > We can both justify and afford a commercial IDS but choose Snort. What do
> > > > you see as drawbacks to Snort?
> > > >
> > > > >>> "Brian Zeitz" 06/14/02 03:02PM >>>
> > > > So most people who want IDS who cannot afford / justify (just yet) an IDS
> > > > box are using Snort? I have a PIX 515UR, and if I read correctly, it has
> > > > the capabilities to interface to an IDS box, but it is not an IDS box
> > > > itself.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46687&t=46639
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
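The two replies above describe a shun policy and its main failure mode: Steven's point that an attacker can forge a source address and get a legitimate host (web server, IDS console) blocked, and Bob's point that the sensor lets you choose which signatures shun, exclude addresses from shunning, and override individual address/signature combinations. The Python model below is an added example written for this page; it is not code from the thread and is not Cisco IDS or PIX configuration syntax. The `ShunPolicy` class, signature names, and all addresses (RFC 5737 documentation ranges) are constructed for illustration.

```python
"""Model of an IDS shun (active-response) policy with spoofing safeguards.

Constructed illustration only: the class, signature names and addresses are
made up for this example and are not Cisco IDS or PIX configuration syntax.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Alert:
    signature: str  # signature name as the sensor reports it
    src: str        # source address as seen on the wire (may be spoofed)
    dst: str


class ShunPolicy:
    """Decides whether an alert should trigger a shun or only be logged."""

    def __init__(self, shun_signatures, never_shun, overrides=None):
        # 1. Only these signatures may shun.  Single-packet signatures that an
        #    attacker can fire with a spoofed source (sweeps, floods) stay out.
        self.shun_signatures = set(shun_signatures)
        # 2. Addresses that must never be shunned, whatever the alert says:
        #    your own web servers, DNS, the IDS console, the management net.
        self.never_shun = [ip_network(n) for n in never_shun]
        # 3. Per (address, signature) overrides: True forces a shun, False
        #    suppresses one.
        self.overrides = {(ip_address(a), s): v
                          for (a, s), v in (overrides or {}).items()}

    def decide(self, alert):
        """Return (action, reason) with action 'shun' or 'alert-only'."""
        src = ip_address(alert.src)
        # Exclusions are checked first and beat every override: a packet with
        # a forged source must not be able to get a protected host blocked.
        for net in self.never_shun:
            if src in net:
                return "alert-only", f"source {src} is in never-shun {net}"
        override = self.overrides.get((src, alert.signature))
        if override is True:
            return "shun", "address/signature override forces shun"
        if override is False:
            return "alert-only", "address/signature override suppresses shun"
        if alert.signature in self.shun_signatures:
            return "shun", "signature is configured to shun"
        return "alert-only", "signature is not configured to shun"


def build_demo_policy():
    """Constructed policy for an example network 192.0.2.0/24."""
    return ShunPolicy(
        # Interactive attacks over an established TCP session: the attacker
        # must see the replies, so the source address is almost never spoofed.
        shun_signatures={"WWW IIS Unicode attack", "FTP SITE EXEC overflow"},
        never_shun=[
            "192.0.2.10",      # public web server
            "192.0.2.53",      # DNS server
            "192.0.2.248/29",  # IDS console and management hosts
        ],
        overrides={
            # A known-hostile host gets shunned even on a sweep signature.
            ("203.0.113.99", "Net sweep-Echo"): True,
            # A partner's authorised scanner is logged but never blocked.
            ("198.51.100.20", "WWW IIS Unicode attack"): False,
        },
    )


# Constructed sample alerts, including one whose source is forged to look
# like our own web server (the failure mode Steven's reply warns about).
SAMPLE_ALERTS = [
    Alert("WWW IIS Unicode attack", "203.0.113.45", "192.0.2.10"),
    Alert("ICMP Flood", "198.51.100.7", "192.0.2.10"),
    Alert("WWW IIS Unicode attack", "192.0.2.10", "192.0.2.20"),   # spoofed
    Alert("FTP SITE EXEC overflow", "192.0.2.250", "192.0.2.21"),  # console
    Alert("Net sweep-Echo", "203.0.113.99", "192.0.2.30"),
    Alert("WWW IIS Unicode attack", "198.51.100.20", "192.0.2.10"),
]


def run_demo(policy=None, alerts=SAMPLE_ALERTS):
    """Return [(src, signature, action), ...] for each alert."""
    policy = policy or build_demo_policy()
    return [(a.src, a.signature, policy.decide(a)[0]) for a in alerts]


if __name__ == "__main__":
    for src, sig, action in run_demo():
        print(f"{action:10s} {src:15s} {sig}")
```

The ordering in `decide` is the security-relevant choice: the never-shun list is consulted before the overrides and before the signature set, so a forged packet carrying the web server's or the console's address can only raise an alert, never a block, even if someone later adds a force-shun override for that host. Keeping single-packet, easily spoofed signatures (sweeps, floods) out of `shun_signatures` is what makes the remaining shuns trustworthy: an attacker running an interactive exploit over an established TCP session has to use an address they can actually receive replies on.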

