Netband Project - IOS ips
From Teknologisk videncenter
IOS Intrusion Prevention System
This page is part of the Netband Project
Intrusion Prevention System signature version 4
ip ips sdf location flash:128MB.sdf
!
ip ips name B1rt1ips
!
interface FastEthernet0/0
 ip ips B1rt1ips in
!
B1rt1(config-if)#ip ips B1rt1ips in
.Apr 20 07:12:56.993: %IPS-6-SDF_LOAD_SUCCESS: SDF loaded successfully from flash:128MB.sdf
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: OTHER - 8 signatures - 1 of 15 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_READY: OTHER - 0 ms - packets for this engine will be scanned
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: MULTI-STRING - 0 signatures - 2 of 15 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILD_SKIPPED: MULTI-STRING - there are no new signature definitions for this engine
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: STRING.ICMP - 2 signatures - 3 of 15 engines
.Apr 20 07:12:57.045: %IPS-6-ENGINE_READY: STRING.ICMP - 52 ms - packets for this engine will be scanned
.Apr 20 07:12:57.045: %IPS-6-ENGINE_BUILDING: STRING.UDP - 24 signatures - 4 of 15 engines
.Apr 20 07:12:57.989: %IPS-6-ENGINE_READY: STRING.UDP - 944 ms - packets for this engine will be scanned
.Apr 20 07:12:57.989: %IPS-6-ENGINE_BUILDING: STRING.TCP - 125 signatures - 5 of 15 engines
Apr 20 07:13:39.955: %IPS-6-ENGINE_READY: STRING.TCP - 41976 ms - packets for this engine will be scanned
Apr 20 07:13:39.955: %IPS-6-ENGINE_BUILDING: SERVICE.FTP - 1 signatures - 6 of 15 engines
Apr 20 07:13:39.979: %IPS-6-ENGINE_READY: SERVICE.FTP - 24 ms - packets for this engine will be scanned
Apr 20 07:13:39.979: %IPS-6-ENGINE_BUILDING: SERVICE.SMTP - 3 signatures - 7 of 15 engines
Apr 20 07:13:40.043: %IPS-6-ENGINE_READY: SERVICE.SMTP - 64 ms - packets for this engine will be scanned
Apr 20 07:13:40.043: %IPS-6-ENGINE_BUILDING: SERVICE.RPC - 38 signatures - 8 of 15 engines
Apr 20 07:13:40.327: %IPS-6-ENGINE_READY: SERVICE.RPC - 284 ms - packets for this engine will be scanned
Apr 20 07:13:40.327: %IPS-6-ENGINE_BUILDING: SERVICE.DNS - 29 signatures - 9 of 15 engines
Apr 20 07:13:40.367: %IPS-6-ENGINE_READY: SERVICE.DNS - 40 ms - packets for this engine will be scanned
Apr 20 07:13:40.367: %IPS-6-ENGINE_BUILDING: SERVICE.HTTP - 100 signatures - 10 of 15 engines
Apr 20 07:13:49.340: %IPS-6-ENGINE_BUILDING: ATOMIC.TCP - 7 signatures - 11 of 15 engines
Apr 20 07:13:49.348: %IPS-6-ENGINE_READY: ATOMIC.TCP - 8 ms - packets for this engine will be scanned
Apr 20 07:13:49.348: %IPS-6-ENGINE_BUILDING: ATOMIC.UDP - 3 signatures - 12 of 15 engines
Apr 20 07:13:49.352: %IPS-6-ENGINE_READY: ATOMIC.UDP - 4 ms - packets for this engine will be scanned
Apr 20 07:13:49.352: %IPS-6-ENGINE_BUILDING: ATOMIC.ICMP - 3 signatures - 13 of 15 engines
Apr 20 07:13:49.352: %IPS-6-ENGINE_READY: ATOMIC.ICMP - 0 ms - packets for this engine will be scanned
Apr 20 07:13:49.352: %IPS-6-ENGINE_BUILDING: ATOMIC.IPOPTIONS - 2 signatures - 14 of 15 engines
Apr 20 07:13:49.356: %IPS-6-ENGINE_READY: ATOMIC.IPOPTIONS - 4 ms - packets for this engine will be scanned
Apr 20 07:13:49.356: %IPS-6-ENGINE_BUILDING: ATOMIC.L3.IP - 6 signatures - 15 of 15 engines
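A check that can be run over saved console output like the above to confirm which engines actually reported ENGINE_READY and how long each took to build. This is an added example, not part of the original page; the function name, the 10-second "slow" threshold and the sample log are constructed for illustration.

```python
import re

# Constructed sample, modelled on the %IPS-6-ENGINE_* messages in the capture above.
SAMPLE_LOG = """\
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: OTHER - 8 signatures - 1 of 5 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_READY: OTHER - 0 ms - packets for this engine will be scanned
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: MULTI-STRING - 0 signatures - 2 of 5 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILD_SKIPPED: MULTI-STRING - there are no new signature definitions for this engine
.Apr 20 07:12:57.989: %IPS-6-ENGINE_BUILDING: STRING.TCP - 125 signatures - 3 of 5 engines
Apr 20 07:13:39.955: %IPS-6-ENGINE_READY: STRING.TCP - 41976 ms - packets for this engine will be scanned
Apr 20 07:13:40.367: %IPS-6-ENGINE_BUILDING: SERVICE.HTTP - 100 signatures - 4 of 5 engines
Apr 20 07:13:49.340: %IPS-6-ENGINE_BUILDING: ATOMIC.TCP - 7 signatures - 5 of 5 engines
Apr 20 07:13:49.348: %IPS-6-ENGINE_READY: ATOMIC.TCP - 8 ms - packets for this engine will be scanned
"""

# Message type, engine name, first number (signature count or build ms), engine total.
MSG = re.compile(r"%IPS-6-ENGINE_(BUILDING|READY|BUILD_SKIPPED): (\S+) - (\d+)?"
                 r"(?: signatures - \d+ of (\d+) engines)?")

def audit_engine_build(log_text, slow_ms=10000):
    """Summarise which IPS engines reported READY after an SDF load."""
    engines, expected = {}, None
    for kind, name, num, total in MSG.findall(log_text):
        e = engines.setdefault(name, {"sigs": 0, "state": "unknown", "ms": None})
        if kind == "BUILDING":
            e["sigs"], e["state"] = int(num or 0), "building"
            expected = int(total) if total else expected
        elif kind == "READY":
            e["state"], e["ms"] = "ready", int(num or 0)
        else:  # BUILD_SKIPPED: no signature definitions for this engine
            e["state"] = "skipped"
    ready = {n: e for n, e in engines.items() if e["state"] == "ready"}
    return {
        "expected_engines": expected,
        "seen_engines": len(engines),
        # BUILDING was logged but neither READY nor BUILD_SKIPPED followed
        "not_ready": sorted(n for n, e in engines.items() if e["state"] == "building"),
        "skipped": sorted(n for n, e in engines.items() if e["state"] == "skipped"),
        "slow": sorted((n, e["ms"]) for n, e in ready.items() if e["ms"] >= slow_ms),
        "scanned_signatures": sum(e["sigs"] for e in ready.values()),
    }

if __name__ == "__main__":
    for key, value in audit_engine_build(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An engine listed under `not_ready` may only mean the capture was cut short, so confirm its state on the router before treating that traffic as inspected.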
Intrusion Prevention System signature version 5
- IOS Release 12.4(15)T3 or later
- Download the newest IOS IPS package from Cisco, format: IOS-Sxxx-CLI.pkg
- Could not be tested, because the routers available did not have enough RAM to support the required IOS image
ip ips name B1rt1ips
ip ips config location flash:ips
!
ip ips notify sdee
!
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
interface FastEthernet0/0
 ip ips B1rt1ips in
- Copy the IPS package to the router
copy ftp://ftp:ftppw@10.2.1.50/IOS-S340-CLI.pkg idconf