IDS mailing list archives

Re: Unable to configure IDSM for traffic analysis

From: joseph () breathe-underwater com
Date: Tue, 25 Apr 2006 18:09:55 -0500

With the IDSM you do not send the traffic to a physical port.  You send it to
one of the virtual ports on the IDSM.  Something such as 3/7 or 3/8 on your
6509 since your IDSM is in Blade 3.

Quoting swordfish667 <kirti_bapat () yahoo com>:


hello guys

i need some help in configuring the idsm2. I have configured the 6509 switch
to capture network traffic using SPAN. i have mentioned vlan as source, for
the source SPAN traffic. but after specifying the capture destination on the
6509 (a physical port on the 6509), i am confused about how to send this
traffic from the captured port for analysis to virtual sensing port on the
IDSM.Basically i am not able to map the phyical destination port on the
switch to the virtual sensing ports.

The switch details are as follows.i have a 6509 switch with 7 modules.
module 1 and module 2 are GBIC
module 3 - IDSM
module 4 - FWSM
module 5 and module 6 - SUP 720 (actvie and hot )
MODULE 7 - 10/100/1000 rj-45

the network topology is as follows.

WAN BRANCHES-->>CORE ROUTER-->>Router with VAC-->>pix 535-->>msfc IDSM AND
fwsm (6509)--->>>noc(data centre)

In the above diagram the traffic flows from the wan towards the data centre
and vice versa .The FWSM is configured with the numerous VLANS required for
the data centre. Thus all the traffic flow between the various vlans is
either denied/permitted on the FWSM.

the traffic flow from the wan branches to the data centre first hits the PIX
firewall and then hits the FWSM.Likewise traffic from the data centre to the
wan branches first hits the FWSM and then the PIX firewall.

please help me with this problem at the earliest. Thanx in advance.

swordfish.
--

View this message in context:http://www.nabble.com/Unable-to-configure-IDSM-for-traffic-analysis-t1495126.html#a4052069

Sent from the IDS (Intrusion Detection System) forum at Nabble.com.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------





------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?

Find out quickly and easily by testing itwith real-world attacks from CORE IMPACT.Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708to learn more.

------------------------------------------------------------------------

Current thread:

Unable to configure IDSM for traffic analysis swordfish667 (Apr 24)
- Re: Unable to configure IDSM for traffic analysis joseph (Apr 26)
- <Possible follow-ups>
- RE: Unable to configure IDSM for traffic analysis Arndt.WA (Apr 26)