Intrusion Detection System (IDS)

6.2.1 Basic IDS Configuration

Configure basic IDS on R4 using the ip audit command set. The first example that follows shows the IDS configuration; the second shows the log generated when an attack/signature is detected.

NOTE: Communication between IDS and Director is on UDP port 45000.

ip audit name lab1 info action alarm
ip audit name lab1 attack action alarm
!
interface FastEthernet2/0
 ip address 10.10.45.4 255.255.255.0
 ip audit lab1 in
 ip audit lab1 out
 duplex half

6d23h: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 10.10.45.5 to 10.10.45.4

6.2.2 Signature Tuning

If you receive false positive alarms from the IDS on R4, you need to disable signature 3050 for host 10.50.16.5 on R4. The following example demonstrates tuning IDS signatures on R4:

ip audit signature 3050 list 5
access-list 5 deny 10.50.16.5
access-list 5 permit any
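
Added example (not part of the original lab text): a Python sketch that parses alarms in the syslog format shown in 6.2.1, counts them per signature and source so that noisy pairs stand out as tuning candidates, and emits the exclusion commands in the form used above. The EXAMPLE_SIG log lines, the function names and the ACL range check are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Alarm format taken from the page's sample: "%IDS-4-NAME: Sig:ID:Text - from A to B"
ALARM_RE = re.compile(
    r"%IDS-(?P<sev>\d)-(?P<name>\w+): Sig:(?P<sig>\d+):(?P<desc>.+?)"
    r" - from (?P<src>\S+) to (?P<dst>\S+)\s*$"
)

def parse_alarm(line):
    """Return the alarm fields as a dict, or None if the line is not an IDS alarm."""
    m = ALARM_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    try:  # reject lines whose address fields are not valid IPv4
        ipaddress.IPv4Address(rec["src"])
        ipaddress.IPv4Address(rec["dst"])
    except ValueError:
        return None
    rec["sig"], rec["sev"] = int(rec["sig"]), int(rec["sev"])
    return rec

def alarms_by_sig_and_source(lines):
    """Count alarms per (signature id, source address)."""
    return Counter((a["sig"], a["src"]) for a in map(parse_alarm, lines) if a)

def tuning_config(sig, host, acl):
    """Build the exclusion commands in the page's form for one confirmed false positive."""
    host = str(ipaddress.IPv4Address(host))  # raises ValueError on a malformed host
    if not 1 <= acl <= 99:  # assumption: classic standard ACL number range
        raise ValueError("standard ACL number must be 1-99")
    return [f"ip audit signature {sig} list {acl}",
            f"access-list {acl} deny {host}",
            f"access-list {acl} permit any"]

# Constructed sample log: the first line is the page's alarm, the rest are made up.
SAMPLE_LOG = """\
6d23h: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 10.10.45.5 to 10.10.45.4
6d23h: %IDS-4-EXAMPLE_SIG: Sig:3050:constructed sample alarm - from 10.50.16.5 to 10.10.45.4
6d23h: %IDS-4-EXAMPLE_SIG: Sig:3050:constructed sample alarm - from 10.50.16.5 to 10.10.45.4
6d23h: %LINK-3-UPDOWN: Interface FastEthernet2/0, changed state to up
""".splitlines()

if __name__ == "__main__":
    for (sig, src), n in alarms_by_sig_and_source(SAMPLE_LOG).most_common():
        print(f"sig {sig} from {src}: {n} alarm(s)")
    print("\n".join(tuning_config(3050, "10.50.16.5", 5)))
```

Confirm that a source is a genuine false positive before excluding it, since the signature no longer alarms for any host the ACL denies.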

6.2.3 Spam Attack

Configure R4 protection against SMTP mail spamming using the following command:

ip audit smtp spam 500
