Figure 7-15 NIDS Shunning

[Figure: an attacker on the Internet (1) launches an attack against public servers; (2) the attack is detected along with its source IP address; (3) an ACL entry is added denying traffic sourced from that IP address (/32); (4) all subsequent attacks from that machine are blocked.]

On the surface, this seems like a good idea, but there are three main caveats:

• If the attack is a false positive, you are blocking a legitimate user from using the network.

• If the attack is spoofed, you are blocking the spoofed IP address, not the real attacker's IP address. This is especially significant if the attack spoofs a proxy server IP address for a large Internet service provider (ISP), as shown in Figure 7-16. This effectively creates a denial of service (DoS) condition on the network, caused by the NIDS!
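
The following is an added example, not part of the original text, that contrasts the shunning behaviour described above with a guarded policy addressing both caveats. The never-shun list, the `fidelity` score, the `established` flag, the 300-second expiry and every address are assumptions constructed for illustration.

```python
import ipaddress

# All values below are constructed for illustration (documentation ranges).
NEVER_SHUN = [ipaddress.ip_network("198.51.100.10/32")]  # assumed ISP proxy
SHUN_TTL = 300   # assumed expiry in seconds, so a wrong block heals itself
MIN_FIDELITY = 90  # assumed signature-confidence threshold (0-100)

ALERTS = [  # constructed NIDS alerts
    # Single UDP packet with a forged source: the ISP proxy address.
    {"src": "198.51.100.10", "proto": "udp", "established": False, "fidelity": 95, "time": 0},
    # Attack inside a completed TCP session, high-confidence signature.
    {"src": "203.0.113.7", "proto": "tcp", "established": True, "fidelity": 95, "time": 0},
    # Legitimate user tripping a noisy signature (false positive).
    {"src": "203.0.113.50", "proto": "tcp", "established": True, "fidelity": 40, "time": 0},
]
# Legitimate users and the source IP the protected network sees for each.
LEGIT = {"u1": "198.51.100.10", "u2": "198.51.100.10",
         "u3": "198.51.100.10", "u4": "203.0.113.50"}

def naive_shun(alerts):
    """Shunning as described above: every alert source gets a /32 deny."""
    return {a["src"] for a in alerts}

def guarded_shun(alerts, now):
    """Return {ip: expiry} for sources that pass all three guards."""
    acl = {}
    for a in alerts:
        src = ipaddress.ip_address(a["src"])
        if any(src in net for net in NEVER_SHUN):
            continue  # shared proxy: one deny entry blocks every user behind it
        if a["proto"] != "tcp" or not a["established"]:
            continue  # no completed handshake, so the source may be forged
        if a["fidelity"] < MIN_FIDELITY:
            continue  # probable false positive: alert, do not block
        acl[a["src"]] = a["time"] + SHUN_TTL
    return {ip: exp for ip, exp in acl.items() if exp > now}

def blocked_legit(acl):
    """Legitimate users whose traffic the deny entries would drop."""
    return sorted(u for u, ip in LEGIT.items() if ip in acl)

if __name__ == "__main__":
    print("naive  :", sorted(naive_shun(ALERTS)), blocked_legit(naive_shun(ALERTS)))
    guarded = guarded_shun(ALERTS, now=100)
    print("guarded:", guarded, blocked_legit(guarded))
```

With the constructed alerts, the naive policy denies the proxy address and the false-positive source, cutting off all four legitimate users, while the guarded policy blocks only the source seen in a completed TCP session and drops that entry once it expires.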
