https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520352#M161406 <HTML><HEAD></HEAD><BODY><P>Try this link</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017cf19.html#wp1072958" target="_blank">http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017cf19.html#wp1072958</A></P></BODY></HTML> Fri, 26 May 2006 12:49:23 GMT irisrios 2006-05-26T12:49:23Z https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520351#M161405 <P>hello</P><P></P><P>ip audit protected [ip address - ip address]</P><P> </P><P>according to cco it defines a protected address space for IDS, this is from cisco.</P><P>An attack signature detects attacks attempted into the protected network, such as denial-of-service attempts or the execution of illegal commands during an FTP session. </P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_c/ftrafwl/scfids.htm</A></P><P> </P><P>i have tested IDS today with ICMP flooding, i got alarms for ICMP attack SIG .2050 even without configuring this command.</P><P>does anybody know, what exactly this command does?</P><P> </P><P>regards</P><P>Louis</P><P></P> Sun, 10 Mar 2019 10:01:44 GMT https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520351#M161405 lkrucker 2019-03-10T10:01:44Z https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520352#M161406 <HTML><HEAD></HEAD><BODY><P>Try this link</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017cf19.html#wp1072958" target="_blank">http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017cf19.html#wp1072958</A></P></BODY></HTML> Fri, 26 May 2006 12:49:23 GMT https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520352#M161406 irisrios 2006-05-26T12:49:23Z https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520353#M161407 <HTML><HEAD></HEAD><BODY><P>thanks but unfortunately its still not clear for me. </P><P></P><P>If no addresses are defined as protected, then all addresses are considered outside the protected network. </P><P></P><P>may i should phrase my question a little bit different</P><P></P><P>If i am not configuring that command, what kind of attack would not be detected? </P><P></P><P></P><P></P><P></P></BODY></HTML> Mon, 29 May 2006 06:21:40 GMT https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520353#M161407 lkrucker 2006-05-29T06:21:40Z https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520354#M161408 <HTML><HEAD></HEAD><BODY><P>I assume the "flagged alert" in the command reference means a relict of the Postoffice protocol.</P></BODY></HTML> Wed, 27 Jun 2007 10:23:05 GMT https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520354#M161408 herbert.aichhorn 2007-06-27T10:23:05Z https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520355#M161409 <HTML><HEAD></HEAD><BODY><P>You must be using a very old version of IOS in which the IDS feature is using 'ip audit...' command to configure, in these version of IOS, the IDS feature has a fixed number of hardcoded signatures.</P><P></P><P>IOS IDS/IPS feature has evolved quick a bit, starting 12.3(8)T, it starts support dynamic signatures and is a true inline ips sysstem. Recently, from 12.4(11)T, it supports 5.x signature format which enables ips to support signatures with encrypted parameter values and more functions (But this is not backward compatible w/ previous version).</P><P></P><P>For more information, please check Cisco.com at <A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6634/products_ios_protocol_group_home.html" target="_blank">http://www.cisco.com/en/US/products/ps6634/products_ios_protocol_group_home.html</A></P><P></P><P>Also please check the white paper and Q&amp;A section.</P><P></P><P>Thanks,</P><P>-Chris</P></BODY></HTML> Wed, 27 Jun 2007 16:40:11 GMT https://community.cisco.com/t5/network-security/ios-ids-question/m-p/520355#M161409 ymzhang 2007-06-27T16:40:11Z