topic Re: How to config PIX IDS feature? in Network Security https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270257#M593987 <HTML><HEAD></HEAD><BODY><P>this is what i have got configured</P><P>ip audit name IDS_info info action alarm</P><P>ip audit name IDS_attack attack action reset</P><P>ip audit interface outside IDS_info</P><P>ip audit interface outside IDS_attack</P><P>ip audit info action alarm reset</P><P>ip audit attack action alarm</P><P></P><P>you can also perform following:</P><P>CityID3(config)# show ip audit count</P><P>Signature outside Global</P><P>1000 I Bad IP Options List 0 0</P><P>1001 I Record Packet Route 0 0</P><P>1002 I Timestamp 0 0</P><P>1003 I Provide s,c,h,tcc 0 0</P><P>1004 I Loose Source Route 0 0</P><P>1005 I SATNET ID 0 0</P><P>1006 I Strict Source Route 0 0</P><P>1100 A IP Fragment Attack 0 0</P><P>1102 A Impossible IP Packet 0 0</P><P>1103 A IP Teardrop 0 0</P><P>2000 I ICMP Echo Reply 20 20</P><P>2001 I ICMP Unreachable 56395 56395</P><P>2002 I ICMP Source Quench 2664 2664</P><P>2003 I ICMP Redirect 388 388</P><P>2004 I ICMP Echo Request 5079 5079</P><P>2005 I ICMP Time Exceed 9117 9117</P><P>2006 I ICMP Parameter Problem 2 2</P><P>2007 I ICMP Time Request 0 0</P><P>2008 I ICMP Time Reply 0 0</P><P>2009 I ICMP Info Request 0 0</P><P>2010 I ICMP Info Reply 0 0</P><P>2011 I ICMP Address Mask Request 0 0</P><P>2012 I ICMP Address Mask Reply 0 0</P><P>2150 A Fragmented ICMP 0 0</P><P>2151 A Large ICMP 157 157</P><P>2154 A Ping of Death 0 0</P><P>3040 A TCP No Flags 72 72</P><P>3041 A TCP SYN &amp; FIN Flags Only 50 50</P><P>3042 A TCP FIN Flag Only 4 4</P><P>3153 A FTP Improper Address 11 11</P><P>3154 A FTP Improper Port 0 0</P><P>4050 A Bomb 3 3</P><P>4051 A Snork 12 12</P><P>4052 A Chargen 0 0</P><P>6050 I DNS Host Info 0 0</P><P>6051 I DNS Zone Xfer 0 0</P><P>6052 I DNS Zone Xfer High Port 0 0</P><P>6053 I DNS All Records 0 0</P><P>6100 I RPC Port Registration 0 0</P><P>6101 I RPC Port Unregistration 0 0</P><P>6102 I RPC Dump 0 0</P><P>6103 A Proxied RPC 0 0</P><P>6150 I ypserv Portmap Request 0 0</P><P>6151 I ypbind Portmap Request 0 0</P><P>6152 I yppasswdd Portmap Request 0 0</P><P>6153 I ypupdated Portmap Request 0 0</P><P>6154 I ypxfrd Portmap Request 0 0</P><P>6155 I mountd Portmap Request 0 0</P><P>6175 I rexd Portmap Request 0 0</P><P>6180 I rexd Attempt 0 0</P><P>6190 A statd Buffer Overflow 0 0</P><P>CityID3(config)#</P><P>sam</P></BODY></HTML> Mon, 15 Mar 2004 15:40:07 GMT ciscoacs 2004-03-15T15:40:07Z How to config PIX IDS feature? https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270256#M593986 <P>What signature enabale on PIX? </P><P>I must enable first?</P> Fri, 21 Feb 2020 07:17:41 GMT https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270256#M593986 adul 2020-02-21T07:17:41Z Re: How to config PIX IDS feature? https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270257#M593987 <HTML><HEAD></HEAD><BODY><P>this is what i have got configured</P><P>ip audit name IDS_info info action alarm</P><P>ip audit name IDS_attack attack action reset</P><P>ip audit interface outside IDS_info</P><P>ip audit interface outside IDS_attack</P><P>ip audit info action alarm reset</P><P>ip audit attack action alarm</P><P></P><P>you can also perform following:</P><P>CityID3(config)# show ip audit count</P><P>Signature outside Global</P><P>1000 I Bad IP Options List 0 0</P><P>1001 I Record Packet Route 0 0</P><P>1002 I Timestamp 0 0</P><P>1003 I Provide s,c,h,tcc 0 0</P><P>1004 I Loose Source Route 0 0</P><P>1005 I SATNET ID 0 0</P><P>1006 I Strict Source Route 0 0</P><P>1100 A IP Fragment Attack 0 0</P><P>1102 A Impossible IP Packet 0 0</P><P>1103 A IP Teardrop 0 0</P><P>2000 I ICMP Echo Reply 20 20</P><P>2001 I ICMP Unreachable 56395 56395</P><P>2002 I ICMP Source Quench 2664 2664</P><P>2003 I ICMP Redirect 388 388</P><P>2004 I ICMP Echo Request 5079 5079</P><P>2005 I ICMP Time Exceed 9117 9117</P><P>2006 I ICMP Parameter Problem 2 2</P><P>2007 I ICMP Time Request 0 0</P><P>2008 I ICMP Time Reply 0 0</P><P>2009 I ICMP Info Request 0 0</P><P>2010 I ICMP Info Reply 0 0</P><P>2011 I ICMP Address Mask Request 0 0</P><P>2012 I ICMP Address Mask Reply 0 0</P><P>2150 A Fragmented ICMP 0 0</P><P>2151 A Large ICMP 157 157</P><P>2154 A Ping of Death 0 0</P><P>3040 A TCP No Flags 72 72</P><P>3041 A TCP SYN &amp; FIN Flags Only 50 50</P><P>3042 A TCP FIN Flag Only 4 4</P><P>3153 A FTP Improper Address 11 11</P><P>3154 A FTP Improper Port 0 0</P><P>4050 A Bomb 3 3</P><P>4051 A Snork 12 12</P><P>4052 A Chargen 0 0</P><P>6050 I DNS Host Info 0 0</P><P>6051 I DNS Zone Xfer 0 0</P><P>6052 I DNS Zone Xfer High Port 0 0</P><P>6053 I DNS All Records 0 0</P><P>6100 I RPC Port Registration 0 0</P><P>6101 I RPC Port Unregistration 0 0</P><P>6102 I RPC Dump 0 0</P><P>6103 A Proxied RPC 0 0</P><P>6150 I ypserv Portmap Request 0 0</P><P>6151 I ypbind Portmap Request 0 0</P><P>6152 I yppasswdd Portmap Request 0 0</P><P>6153 I ypupdated Portmap Request 0 0</P><P>6154 I ypxfrd Portmap Request 0 0</P><P>6155 I mountd Portmap Request 0 0</P><P>6175 I rexd Portmap Request 0 0</P><P>6180 I rexd Attempt 0 0</P><P>6190 A statd Buffer Overflow 0 0</P><P>CityID3(config)#</P><P>sam</P></BODY></HTML> Mon, 15 Mar 2004 15:40:07 GMT https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270257#M593987 ciscoacs 2004-03-15T15:40:07Z Re: How to config PIX IDS feature? https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270258#M593988 <HTML><HEAD></HEAD><BODY><P>Thank you your help so much</P></BODY></HTML> Tue, 16 Mar 2004 02:31:56 GMT https://community.cisco.com/t5/network-security/how-to-config-pix-ids-feature/m-p/270258#M593988 adul 2004-03-16T02:31:56Z