07-21-2005 03:28 AM - edited 03-10-2019 01:33 AM
How do you test a IOS IPS setup on a routers external interface checking inbound data is
working.
I have set it to notify via syslog (ip ips notify log) and i know the syslog
is working as an ACL is also set to log to syslog and this is showing
results on the syslog server.
I have tried sending (what i'm told is a ping of death) to the routers
external interface (ping -l 65500 ipaddress) but this shows on the syslog
server as being denied by the ACL but dosen't trigger a signature in the
IPS.
Is there a way of testing it from a windows platform?
07-26-2005 05:15 AM
try running a port scan on a network behind the router using something like
nmap -sT -T Insane "network here"
This should trigger an alert so you can test it.
07-26-2005 05:40 AM
Generate the required traffic using the NMAP application
you can get the alert Messages from the router itself , Please make use of the SDEE messages which will give the Complete info of the alerts generated ,
eg :: ip ips sdee alerts
ip ips sdee events
Make sure the sdee is enabled on the router
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide