IOS IDS?

dan.tesch
Level 1

I am new to Cisco routers and have been trying to figure out some things in my config on a 2611. I recently tried to upgrade to a new version and had some problems - the TAC suggested that the different feature sets had something to do with it - this is when I became aware of the IDS in my version of IOS.

I am very familiar with Snort; how does what this is trying to do compare? The previous admin didn't have the router going to a log or anything; is this IDS actually IPS? What does the router do with what it "detects" if it isn't logging? What is the best resource to find out how best to configure this? Is it useful? I think the TAC guy I was working with suggested these lines are for IDS:

ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Ethernet_0_1 smtp
ip inspect name Ethernet_0_1 ftp
ip inspect name Ethernet_0_1 tcp
ip inspect name Ethernet_0_1 udp
ip inspect name Ethernet_0_1 cuseeme
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 udp
ip inspect name Ethernet_0_0 cuseeme
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 h323
ip inspect name Ethernet_0_0 rcmd
ip inspect name Ethernet_0_0 realaudio
ip inspect name Ethernet_0_0 smtp
ip inspect name Ethernet_0_0 streamworks
ip inspect name Ethernet_0_0 vdolive
ip inspect name Ethernet_0_0 sqlnet
ip inspect name Ethernet_0_0 tftp
ip audit notify log
ip audit po max-events 100

Are they defaults of some sort?

Some of this, like vdolive, tftp, cuseeme, seem like junk?

Can someone give me some clues?

Thanks.
