Cisco Secure Intrusion Detection System








9.1
Device Management and IP Blocking Overview



9.1.4
IP blocking processes





The following steps
describe the IP blocking process:


Step
1
An
attack starts when an attacker executes a hack to gain access
to the protected network.


Step
2
The
Sensor detects the attack and sends an alarm to the Director.


Step
3

At the same time, the Sensor
automatically writes a new ACL on the managed router denying
traffic from the attacking host. The managed router will then
deny any future traffic generated by the attacking host until
the Block is manually removed or the default Block time expires.