06-03-2003 11:27 AM - edited 02-20-2020 10:46 PM
Hi, I noticed that there is a monitoring piece in my PDM that includes IDS. But when I looked at the histories, there wasn't anything there. Is there something special to make it work, or is it a separate piece of hardware ?
Thanks
06-03-2003 12:35 PM
PIX IOS has IDS with Limitied features. These features can identify certain attack signatures. Based on the configuration the malicious packets can be blocked etc.
Thank you.
Murthy.
06-03-2003 01:32 PM
My understanding is that IDS is already active by default. As Murthy suggested, it is an option to buy for more Intrusion Detection Signatures. By default I believe it comes with some standard 50 to 55 signatures.
06-03-2003 03:30 PM
The IDS features of the Pix are VERY limited and are not enabled by default. They are enabled per interface using the [ip audit] commands.
They are very basic and cannot be upgraded as an option. New Pix code releases are the only method to "upgrade" the IDS signatures. For example, pix 6.3.1 code included a few new signatures above 6.2.2.
06-04-2003 04:51 AM
It seems like I can not put in anything under policy to interface mappings via PDM or cli. What am I missing ?
Thanks.
06-05-2003 06:58 AM
These commands would create to IP audit polices that both "alarm" only and applies them to the outside interface:
ip audit name outside-ids info action alarm
ip audit name outside-ids2 attack action alarm
ip audit interface outside outside-ids2
06-05-2003 10:37 AM
Thanks, I will try it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: