Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IDS on PIX: Attack vs Info signatures.

What's the difference between Attack and Info policies with the PIX IDS feature? It looks like the same global signatures are used for each one, so why have two policies if they both do the same thing?

It would be nice to enable or disable different signatures based on the interface or what action you want to take; ie: Alarm for some signatures, drop + alarm for others.

Thanks, Randy

1 REPLY

Re: IDS on PIX: Attack vs Info signatures.

Randy,

Each of the IDS sigs on the PIX are categorized as either attack sigs (more severe) or informational sigs (less severe). Take a look at the following link for a chart that differentiates these:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm#1138590

So, each policy you configure effects the various sigs under the category where they are defined.

And, I don't think there is anything preventing you from creating multiple policies on your PIX and then applying each of them to a seperate interface. I do think that disabling sigs is going to apply globally though so I see part of your point.

Hope this helps.

Scott

93
Views
0
Helpful
1
Replies
CreatePlease to create content