I am new to Cisco routers and have been trying to figure out some things in my config on a 2611. I recently tried to upgrade to a new version and had some problems - the TAC suggested that the different feature sets had something to do with it - this is when I became aware of the IDS in my version of IOS.
I am very familiar with Snort; how does what this is trying to do compare? The previous admin didn't have the router going to a log or anything. Is this IDS actually IPS? What does the router do with what it "detects" if it isn't logging? What is the best resource to find out how best to configure this? Is it useful? I think the TAC guy I was working with suggested these lines are for IDS:
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Ethernet_0_1 smtp
ip inspect name Ethernet_0_1 ftp
ip inspect name Ethernet_0_1 tcp
ip inspect name Ethernet_0_1 udp
ip inspect name Ethernet_0_1 cuseeme
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 udp
ip inspect name Ethernet_0_0 cuseeme
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 h323
ip inspect name Ethernet_0_0 rcmd
ip inspect name Ethernet_0_0 realaudio
ip inspect name Ethernet_0_0 smtp
ip inspect name Ethernet_0_0 streamworks
ip inspect name Ethernet_0_0 vdolive
ip inspect name Ethernet_0_0 sqlnet
ip inspect name Ethernet_0_0 tftp
ip audit notify log
ip audit po max-events 100
Are they defaults of some sort?
Some of this, like vdolive, tftp, cuseeme, seems like junk?
Can someone give me some clues?
Thanks.