Cisco IDS General questions

r-lemaster
Level 1

We're evaluating deploying a Cisco NIDS on our network. Someone told me that the Cisco IDS solution is based on NT (?!). Say it ain't so!

Also, can the NIDS or IDS module detect common IIS attacks like buffer overflows, directory traversals, Code Red/Blue, etc.? Can the IDS in the PIX firewall detect these attacks?

Thanks for your time.

Accepted Solutions

pcomeaux
Cisco Employee

With the IDS 4.0 code, all sensors that support this code run Linux, including the stand-alone sensors and the new IDSM-2.

In the older 3.0 code, the stand-alone appliances ran Unix while the sensor blade for the 6500 ran Windows.

Here's a link to the chapter on signature engines for the 4.0 code:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids9/idmiev/swappa.htm

This will give you great insight into the power of the IDS 4.0 signature engines and the signature list, which includes most of the signatures you mention above.

hope this helps,

peter

4 Replies

ywadhavk
Cisco Employee

The 3.x versions of NIDS are Solaris-based, whereas the 4.x versions are Linux-based.

IDS does detect the IIS buffer overflow. Please refer to the URL below for the signature database (NSDB):

http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl

IIS overflow sigs are 5246 through 5248.

PIX IDS has only a small subset (approx. 75) of these signatures.

Hope this helps.

Thanks,

yatin

Thanks, that was helpful.

Could you reply with a URL to a list of PIX IDS signatures?
