Cisco Support Community

New Member

IDS Signatures on IOS-FW

Hi there,

I have some very basic questions on the IDS feature available with the Cisco IOS based firewall and would appreciate it if someone could help me out.

1) Is it possible to create your own signatures on the above feature set, and if so, could you direct me to the appropriate documentation?

2) I have read in a book that the IOS firewall comes with 59 signatures. Can I update this to include more signatures (from the Cisco site)?

Thanks in advance

CP

2 REPLIES
Cisco Employee

Re: IDS Signatures on IOS-FW

IOS-based IDS is very limited in its features. You can't add your own signatures. The sigs are inbuilt within the IOS code, so no modifications can be made or new ones added.

Up till 12.2(15)T it only had 59 signatures; in this release we came out with an additional 42 sigs, making the current total 101. This is still far short of the 900-odd a true IDS sensor will look for, but basically the router CPU just isn't built to compare so many packets with so many signatures.

See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122y/122yu11/ft_fwids.htm for the new sigs in 12.2(15)T.

See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm for the IOS-IDS docs.

New Member

Re: IDS Signatures on IOS-FW

Hi,

Thanks for the input.

I guess I will have to look at setting up Snort on a Linux box instead, as the Cisco IDS solutions are way too expensive.

Regards

CP
