09-25-2003 07:12 AM - edited 03-09-2019 04:55 AM
Hi there,
I have some very basic questions on the IDS feature available with the Cisco IOS based firewall and would appreciate it if someone could help me out.
1) Is it possible to create your own signatures on the above feature set and if so could you direct me to the appropriate documentation.
2) I have read in a book that the IOS firewall comes with 59 signatures. Can I update this to include more signatures (from the Cisco site).
Thanks in advance
CP
09-28-2003 11:14 PM
IOS-based IDS is very limited in its features. You can't add your own signatures. The sigs are inbuilt within the IOS code, so no modifications can be made or new ones added.
Up till 12.2(15)T it only had 59 signatures, in this release we came out with an additional 42 sigs making the current total 101. This is still far short of the 900-odd a true IDS sensor will look for, but basically the router CPU just isn't built to compare so many packets with so many signatures.
See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122y/122yu11/ft_fwids.htm for the new sigs in 12.2(15)T.
See http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm for the IOS-IDS docs.
09-29-2003 11:39 AM
Hi,
Thanks for the input.
I guess I will have to look at setting up snort on a linux boz instead as the Cisco IDS solutions are way too expensive.
Regards
CP
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: