The Cisco IDS uses four main attack response methods. One is used in each individual situation, and which one is configurable by the user.
- Alarm generation. The alarm is passed to the director and displayed to the user.
- IP session log generation. These logs gather information about unauthorized use. It is important to keep a copy of every packet used in that specific conversation for future reference.
- Reset of TCP connections. Connections are reset after an attack begins. The IDS resets individual, illegitimate TCP connections to counter DoS attacks.
- Shunning the attack. A managed network device, such as a Cisco router, denies entry into your network to any packets from the attack source.