Configure basic IDS on R4 using the ip audit command set. Use the first example that follows to configure IDS, and use the second example for logs generated when you detect an attack/signature.
Note that communication between IDS and Director is on UDP port 45000.
ip audit name lab1 info action alarm ip audit name lab1 attack action alarm !
interface FastEthernet2/0 ip address 10.10.45.4 255.255.255.0 ip audit lab1 in ip audit lab1 out duplex half
6d23h: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 10.10.45.5 to 10.10.45.4
6.2.2 Signature Tuning
If you receive false positive alarms from the IDS on R4, you need to disable signature 3050 for host 10.50.16.5 on R4. The following example demonstrates tuning IDS signatures on R4:
ip audit signature 3050 list 5
access-list 5 deny 10.50.16.5 access-list 5 permit any
6.2.3 Spam Attack 1.
Configure R4 protection against SMTP mail spamming using the following command:
ip audit smtp spam 500
Was this article helpful?
Read how to maintain and repair any desktop and laptop computer. This Ebook has articles with photos and videos that show detailed step by step pc repair and maintenance procedures. There are many links to online videos that explain how you can build, maintain, speed up, clean, and repair your computer yourself. Put the money that you were going to pay the PC Tech in your own pocket.