Cisco Support Community

New Member

Cisco IDS General questions

We're evaluating deploying a Cisco NIDS on our network. Someone told me that the Cisco IDS solution is based on NT (?!). Say it ain't so!

Also, can the NIDS or IDS module detect common IIS attacks like buffer overflows, directory traversals, Code Red/Blue/etc.? Can the IDS in the PIX firewall detect these attacks?

Thanks for your time.

  • Other Security Subjects
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco IDS General questions

With the IDS 4.0 code, all sensors that support this code run Linux, including the stand-alone sensors and the new IDSM-2.

In the older 3.0 code, the stand-alone appliances ran Unix while the sensor blade for the 6500 ran Windows.

Here's a link to the chapter on signature engines for the 4.0 code:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swappa.htm

This will give you great insight into the power of the IDS 4.0 signature engines and the signature list, which includes most of the signatures you mention above.

hope this helps,

peter

4 REPLIES
Cisco Employee

Re: Cisco IDS General questions

The 3.x versions of NIDS are Solaris-based, whereas the 4.x versions are Linux-based.

IDS does detect the IIS buffer overflow. Please refer to the URL below for the signature database (NSDB):

http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl

IIS overflow sigs are 5246 through 5248.

PIX IDS has only a small subset (approx. 75) of these signatures.

Hope this helps.

Thanks,

yatin

New Member

Re: Cisco IDS General questions

Thanks, that was helpful.

Could you reply with a URL to a list of PIX IDS signatures?

Cisco Employee

Re: Cisco IDS General questions

