IDS mailing list archives
Re: Unable to configure IDSM for traffic analysis
From: joseph () breathe-underwater com
Date: Tue, 25 Apr 2006 18:09:55 -0500
With the IDSM you do not send the traffic to a physical port. You send it to one of the virtual ports on the IDSM. Something such as 3/7 or 3/8 on your 6509 since your IDSM is in Blade 3. Quoting swordfish667 <kirti_bapat () yahoo com>:
hello guys i need some help in configuring the idsm2. I have configured the 6509 switch to capture network traffic using SPAN. i have mentioned vlan as source, for the source SPAN traffic. but after specifying the capture destination on the 6509 (a physical port on the 6509), i am confused about how to send this traffic from the captured port for analysis to virtual sensing port on the IDSM.Basically i am not able to map the phyical destination port on the switch to the virtual sensing ports. The switch details are as follows.i have a 6509 switch with 7 modules. module 1 and module 2 are GBIC module 3 - IDSM module 4 - FWSM module 5 and module 6 - SUP 720 (actvie and hot ) MODULE 7 - 10/100/1000 rj-45 the network topology is as follows. WAN BRANCHES-->>CORE ROUTER-->>Router with VAC-->>pix 535-->>msfc IDSM AND fwsm (6509)--->>>noc(data centre) In the above diagram the traffic flows from the wan towards the data centre and vice versa .The FWSM is configured with the numerous VLANS required for the data centre. Thus all the traffic flow between the various vlans is either denied/permitted on the FWSM. the traffic flow from the wan branches to the data centre first hits the PIX firewall and then hits the FWSM.Likewise traffic from the data centre to the wan branches first hits the FWSM and then the PIX firewall. please help me with this problem at the earliest. Thanx in advance. swordfish. --View this message in context: http://www.nabble.com/Unable-to-configure-IDSM-for-traffic-analysis-t1495126.html#a4052069Sent from the IDS (Intrusion Detection System) forum at Nabble.com. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
------------------------------------------------------------------------
Current thread:
- Unable to configure IDSM for traffic analysis swordfish667 (Apr 24)
- Re: Unable to configure IDSM for traffic analysis joseph (Apr 26)
- <Possible follow-ups>
- RE: Unable to configure IDSM for traffic analysis Arndt.WA (Apr 26)