
ASK THE EXPERT - TROUBLESHOOTING CISCO IDS/IPS

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to learn from Cisco expert Nadeem Khawaja about troubleshooting Cisco Intrusion Detection Systems and Intrusion Prevention Systems. Nadeem supports security-related products, including Cisco Secure PIX Firewall, Cisco IOS Firewall, Cisco Secure Access Control Server UNIX & Windows NT and Cisco Secure Intrusion Systems at the Technical Assistance Center (TAC). He is a double CCIE (# 9069) in Routing & Switching and in Security.

 

Remember to use the rating system to let Nadeem know if you have received an adequate response.

 

Nadeem might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through June 17. Visit this forum often to view responses to your questions and the questions of other community members.


Hi Nadeem,

As described in my earlier email, the build of the sensor is completely clean, i.e. no filters configured for anything, and the attacks I am launching are for signatures enabled, e.g. a directory traversal attack such as http://www.xxxxx.com/../.. , or access to etc/shadows in a URL. Both of these trigger events in my other 4215s, which are built identically.

I can confirm that the attack reaches the sensor, as interface counters increment when the attack is launched.

Any other thoughts?

Regards

Phil

You need to provide more details now, e.g. show version output

show interface output

output of "show event past 23:00"

the signature id that you are triggering

the output of "show config | begin SIGIG "

thanks

Nadeem

k.lapczuk

Hi,

Q1: I encountered a problem with blocking using the IDS 4240. The sensor works perfectly when it makes the ACL on the MSFC 6500. When it makes the ACL on the Cat5500 (RSM, IOS 11.3.9) it grabs the NVRAM, and doesn't even allow a "show running" on the RSM. On the sensor I can see the state of the block constantly changing from inactive to initializing. How can I fix this?

Q2: When will additional FastEthernet cards be available for the IDS4240?

What is your sensor version?