Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IOS IDS question

hello

ip audit protected [ip address - ip address]

according to cco it defines a protected address space for IDS, this is from cisco.

An attack signature detects attacks attempted into the protected network, such as denial-of-service attempts or the execution of illegal commands during an FTP session.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm

i have tested IDS today with ICMP flooding, i got alarms for ICMP attack SIG .2050 even without configuring this command.

does anybody know, what exactly this command does?

regards

Louis

4 REPLIES
Silver
New Member

Re: IOS IDS question

thanks but unfortunately its still not clear for me.

If no addresses are defined as protected, then all addresses are considered outside the protected network.

may i should phrase my question a little bit different

If i am not configuring that command, what kind of attack would not be detected?

New Member

Re: IOS IDS question

I assume the "flagged alert" in the command reference means a relict of the Postoffice protocol.

New Member

Re: IOS IDS question

You must be using a very old version of IOS in which the IDS feature is using 'ip audit...' command to configure, in these version of IOS, the IDS feature has a fixed number of hardcoded signatures.

IOS IDS/IPS feature has evolved quick a bit, starting 12.3(8)T, it starts support dynamic signatures and is a true inline ips sysstem. Recently, from 12.4(11)T, it supports 5.x signature format which enables ips to support signatures with encrypted parameter values and more functions (But this is not backward compatible w/ previous version).

For more information, please check Cisco.com at http://www.cisco.com/en/US/products/ps6634/products_ios_protocol_group_home.html

Also please check the white paper and Q&A section.

Thanks,

-Chris

141
Views
0
Helpful
4
Replies
CreatePlease login to create content