03-15-2004 03:04 AM - edited 02-20-2020 11:17 PM
What signature enabale on PIX?
I must enable first?
03-15-2004 07:40 AM
this is what i have got configured
ip audit name IDS_info info action alarm
ip audit name IDS_attack attack action reset
ip audit interface outside IDS_info
ip audit interface outside IDS_attack
ip audit info action alarm reset
ip audit attack action alarm
you can also perform following:
CityID3(config)# show ip audit count
Signature outside Global
1000 I Bad IP Options List 0 0
1001 I Record Packet Route 0 0
1002 I Timestamp 0 0
1003 I Provide s,c,h,tcc 0 0
1004 I Loose Source Route 0 0
1005 I SATNET ID 0 0
1006 I Strict Source Route 0 0
1100 A IP Fragment Attack 0 0
1102 A Impossible IP Packet 0 0
1103 A IP Teardrop 0 0
2000 I ICMP Echo Reply 20 20
2001 I ICMP Unreachable 56395 56395
2002 I ICMP Source Quench 2664 2664
2003 I ICMP Redirect 388 388
2004 I ICMP Echo Request 5079 5079
2005 I ICMP Time Exceed 9117 9117
2006 I ICMP Parameter Problem 2 2
2007 I ICMP Time Request 0 0
2008 I ICMP Time Reply 0 0
2009 I ICMP Info Request 0 0
2010 I ICMP Info Reply 0 0
2011 I ICMP Address Mask Request 0 0
2012 I ICMP Address Mask Reply 0 0
2150 A Fragmented ICMP 0 0
2151 A Large ICMP 157 157
2154 A Ping of Death 0 0
3040 A TCP No Flags 72 72
3041 A TCP SYN & FIN Flags Only 50 50
3042 A TCP FIN Flag Only 4 4
3153 A FTP Improper Address 11 11
3154 A FTP Improper Port 0 0
4050 A Bomb 3 3
4051 A Snork 12 12
4052 A Chargen 0 0
6050 I DNS Host Info 0 0
6051 I DNS Zone Xfer 0 0
6052 I DNS Zone Xfer High Port 0 0
6053 I DNS All Records 0 0
6100 I RPC Port Registration 0 0
6101 I RPC Port Unregistration 0 0
6102 I RPC Dump 0 0
6103 A Proxied RPC 0 0
6150 I ypserv Portmap Request 0 0
6151 I ypbind Portmap Request 0 0
6152 I yppasswdd Portmap Request 0 0
6153 I ypupdated Portmap Request 0 0
6154 I ypxfrd Portmap Request 0 0
6155 I mountd Portmap Request 0 0
6175 I rexd Portmap Request 0 0
6180 I rexd Attempt 0 0
6190 A statd Buffer Overflow 0 0
CityID3(config)#
sam
03-15-2004 06:31 PM
Thank you your help so much
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: