cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

522
Views
0
Helpful
4
Replies
Charles_Chi4
Beginner

IDSM-2 Password and config guide

Hello, i need some help here about IDS, i'm so noob about IDS.

Like another ppl's case before, i also can't access the IDS module. It's likely that someone changed the password before and i'm the new guy in this company. And it's never activated in 6500 switch before. As i see there's no configuration in show run | inc intrusion-detection.

I think about reimage cause i have no idea what is the login of root and service in IDS as i read in documentation.

I can only access login with user : guest and pass : cisco. After i reset the cf:1 and it goes to maintenance image version 2.1(2).

When i show module in 6500 switch, it shows :

Mod Ports Card Type Model Serial No.

--- ----- -------------------------------------- ------------------ -----------

4 8 Intrusion Detection System (MP) WS-SVC-IDSM-2 SAD104400HR

Mod MAC addresses Hw Fw Sw Status

--- ---------------------------------- ------ ------------ ------------ -------

4 0019.0628.0602 to 0019.0628.0609 6.2 7.2(1) 2.1(2)m Ok

Mod Sub-Module Model Serial Hw Status

--- --------------------------- ------------------ ------------ ------- -------

4 IDS 2 accelerator board WS-SVC-IDSUPG ADBG63900378 2.5 Ok

Mod Online Diag Status

--- -------------------

4 Pass

and when i show version and image in the IDS as "guest", it shows :

guest@localhost.localdomain#show version

Maintenance image version: 2.1(2)

mp.2-1-2.bin : Thu Nov 18 11:41:36 PST 2004 : integ@kplus-build-lx.cisco.com

Line Card Number :WS-SVC-IDSM2-XL

Number of Pentium-class Processors : 2

BIOS Vendor: Phoenix Technologies Ltd.

BIOS Version: 4.0-Rel 6.0.9

Total available memory: 2012 MB

Size of compact flash: 122 MB

Size of hard disk: 38154 MB

Daughter Card Info: Falcon rev 3, FW ver 2.1.3.1 (IDS), SRAM 8 MB, SDRAM 256 MB

guest@localhost.localdomain#show images

Device name Partition# Image name

----------- ---------- ----------

Hard disk(hdd) 1 5.0(2)

For the show config above, what image should i get to reimage this IDS? And could you give me the link? And give me the link the link of config guide to this stuff. And for one thing, i just found 1 IDSM-2 module in 6500 and no IDSM-1 as i know as sensor. Could i use IDSM-2 standalone to detect malicious traffic and packet?

Thanks before and sorry for being so noob and asking too much ^.^

4 REPLIES 4
yusuff
Cisco Employee

Password Recovery Procedure for the Cisco IDS Sensor and IDS Services Modules (IDSM-1, IDSM-2)

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_password_recovery09186a0080094e83.shtml

Hi Yusuff,

Could i set the IDSM-2's log into syslog application like kiwi?

Absolutely, here is one for you, http://www.intersectalliance.com/projects/SnareBackLog/index.html

They sell a full blow one but I don't know how it is we use Cisco MARS to do event correlations.

Heres the snmp link you need.

http://cco/en/US/products/hw/vpndevc/ps4077/products_configuration_guide_chapter09186a0080459221.html#wp1054534

Content for Community-Ad