Cisco Support Community
Cisco Employee

Cisco IDS Active Update Bulletin #5

Cisco IDS Active Update Bulletin #5

Monday, October 22, 2001


As always, please feel free to message us directly if you have any comments or questions ( We also encourage you to participate in the Cisco IDS User's Forum at

Best regards,

--The Cisco IDS Product Team


In This Issue:

1) Release of IDSM 3.0 for the Catalyst 6K Line Card.

2) In The News: Cisco IDS Takes Top Honors in Network World Review.

3) Subscription Information.


1) Release of IDSM 3.0 for the Catalyst 6K Line Card


This section describes the new features for the Catalyst 6000 family IDSM software release 3.0(2)S6.

· Module Overrun Indicator: Ability to report when the IDSM reaches saturation and begins to drop packets.

· De-obfuscation: The IDSM signature set has been enhanced with deobfuscation capability.

· DoS Mitigation: The IDSM can now detect network Denial of Service (DoS) attacks; for example, the IDSM can detect SYN floods.

· Response Action: The IDSM now has shunning capability.

· The IDSM can now automatically push its log files to remote systems using FTP.

· Automatic Signature Updater: The apply command has been enhanced to allow you to set up automatic signature updates.

· Direct Telnet to IDSM: You can now Telnet directly to the IP address assigned to the IDSM command and control interface.

· Enhanced exclusion/inclusion of Signatures: The user may exclude or include (to override exclusions) signatures based on the following criteria: Source and Destination IP ranges.

Documentation on IDSM 3.0 is available on CCO (Cisco Connection Online) at:

Customers running 2.5 software on their IDSM may upgrade to 3.0 by first downloading and installing the base software for 3.0. This is available at the following CCO site:

This can be further updated to the latest (currently S6) signature release found here:

The version 2.2.x Unix Directors and CSPM 2.3.x must have the S9 or greater signature update in order to configure a 3.0(2)S6 Intrusion Detection System Module (IDSM). If the Unix Director or CSPM already has the S9 or greater Signature Update, the update does not need to be reapplied.

Note You must follow special steps if you are using the Director version2.2.3 and upgrading the IDSM from version 2.5 to 3.0. See the "Upgrading the IDSM from Version 2.5 to Version 3.0(2)S6" section of the Release Notes for more information.

The latest versions of CSPM (including the s(9) update for CSPM 2.3.2i) & the Unix Director are available for download at: (CSPM) (Unix Director)


2) In The News: Cisco IDS Takes Top Honors in Network World Review


This article reviewed the top five commercial IDS products with Cisco's IDS finishing first.

This review looked at Cisco, ISS, Enterasys Networks,, and Computer Associates.



3) Subscription Information


If you'd like to unsubscribe from this bulletin.

We'd like to know what you think about the bulletin and what information you'd like to see in future editions. E-mail your comments to:

Copyright (c) 2001 Cisco Systems, Inc.

CreatePlease to create content