The Cisco IDS uses four main attack response methods. The user configures which one is used in each individual situation.

  1. Alarm generation. The alarm is passed to the director and displayed to the user.
  2. IP session log generation. Session logs gather information about unauthorized use. It is important to keep a copy of every packet used in that specific conversation for future reference.
  3. Reset of TCP connections. Connections are reset after an attack begins. The IDS resets individual, illegitimate TCP connections to counter DoS attacks.
  4. Shunning the attack. A managed network device, like a Cisco router, denies entry into your network to any packets from the attack source.
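
The session-logging idea in item 2, sketched as an added example (this is not Cisco's implementation or code from the original page): once a conversation raises an alarm, every packet of that conversation, in both directions, is retained. The `SessionLogger` class, the `TEST-SIGNATURE` marker, the buffer size, and the sample traffic are all constructed for illustration.

```python
from collections import defaultdict, deque, namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport payload")

SIGNATURE = b"TEST-SIGNATURE"   # constructed marker standing in for a real signature
PRE_ALARM_PACKETS = 100         # assumed per-conversation buffer size


def conversation_key(pkt):
    """Same key for both directions, so replies land in the same log."""
    return tuple(sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)]))


class SessionLogger:
    def __init__(self):
        # Recent packets per conversation, kept in case an alarm fires later.
        self.pending = defaultdict(lambda: deque(maxlen=PRE_ALARM_PACKETS))
        # Conversations that raised an alarm -> every packet retained for them.
        self.logs = {}

    def observe(self, pkt):
        """Feed one packet; return True if it belongs to a logged conversation."""
        key = conversation_key(pkt)
        if key in self.logs:
            self.logs[key].append(pkt)
            return True
        self.pending[key].append(pkt)
        if SIGNATURE in pkt.payload:
            # Alarm: promote the buffered packets, including this one, to the log.
            self.logs[key] = list(self.pending.pop(key))
            return True
        return False


def run_sample():
    """Constructed traffic: one conversation trips the signature, one does not."""
    a, b, c = "192.0.2.10", "198.51.100.5", "192.0.2.20"
    traffic = [
        Packet(1, a, 40000, b, 80, b"GET / HTTP/1.0"),
        Packet(2, c, 40001, b, 80, b"GET /index.html"),
        Packet(3, b, 80, a, 40000, b"HTTP/1.0 200 OK"),
        Packet(4, a, 40000, b, 80, b"POST /x TEST-SIGNATURE"),
        Packet(5, b, 80, a, 40000, b"HTTP/1.0 500"),
        Packet(6, b, 80, c, 40001, b"HTTP/1.0 200 OK"),
    ]
    logger = SessionLogger()
    for pkt in traffic:
        logger.observe(pkt)
    return logger.logs
```

Buffering packets before the alarm is what lets the log include the start of the conversation, not only what follows the triggering packet.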