
Can I update signatures (IDS) in a router with IOS/FW/IDS?

a.manso
Level 1

I have a Router 3725 with IOS FW/IDS version 12.2.3. Can I update IDS signatures?

Accepted Solutions

travis-dennis_2
Level 7

Sorry but no is the answer. IOS IDS signatures are hardcoded into the IOS code. They are rarely updated. All you can really do is enable them or not and some simple logging of what they catch.

HTH,

Travis


4 Replies

jeff.bankston
Level 1

Only with an IOS upgrade, and then only when you know that the signatures have been updated. I've been using the IOS FW-IDS for quite a long time, since Cisco's early adoption of it. In the 12.3 codeset, Cisco has done a lot of neat things with this feature set and updated several signatures to include things like Kazaa/Kazaa2, HTTP buffer overflows, and more.

I recently tested 12.3(9a) on a 2621 (not an XM) and it works great with the new signatures. However, like the other gentleman noted, Cisco sometimes goes thru a dry spell where the IOS doesn't get updated.

Just remember - you're asking a router to do a firewall's job. If you're looking for frequent and detailed signatures/updates, perhaps you'd be better off looking at a PIX. If you can live with infrequent updates, say 3 a year or so, and don't need nuts-down detailed protection, the IOS firewall is fine for most applications.

FWIW

-Jeff

this is from an earlier post i did. as i said below, as of 12.3(8)T, there are some signature updates that you can download, and install on your router. see below:

Sep 1, 2004, 6:14am PST

never heard of a 3750. do you mean 3745?

anyway, there are some versions of ios that support what cisco is calling IOS IPS. i believe support for this starts at 12.3(8)T, so you'll need to upgrade.

the IPS is still not as full featured as an ids appliance, but you will have more signatures and control. you might want to look at using SDM, if you are going to use the IPS features.

for monitoring, you can use the syslog, or get a copy of VMS/Security Monitor, which will log the alerts/violations.

take a look at this link:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_8/gt_fwids.htm#wp1121231

hope this helps,

chris

I just did some research on IPS, and it's only available on the newer router models, which makes sense. These new functions require more CPU cycles, more memory, and more flash, which eliminates the legacy 2600 family from being used.

That's fine, I'm getting ready to upgrade ours to the XM line anyhow. Good URL, thanks.

-Jeff