Netband Project - IOS ips

From Teknologisk videncenter
Revision as of 06:41, 13 May 2009 by Sahan109 (talk | contribs)

IOS Intrusion Prevention System

This page is part of the Netband Project

Intrusion Prevention System signature version 4

ip ips sdf location flash:128MB.sdf
!
ip ips name B1rt1ips
!
interface FastEthernet0/0
 ip ips B1rt1ips in
!
B1rt1(config-if)#ip ips B1rt1ips in
.Apr 20 07:12:56.993: %IPS-6-SDF_LOAD_SUCCESS: SDF loaded successfully from flash:128MB.sdf
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: OTHER - 8 signatures - 1 of 15 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_READY: OTHER - 0 ms - packets for this engine will be scanned
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: MULTI-STRING - 0 signatures - 2 of 15 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILD_SKIPPED: MULTI-STRING - there are no new signature definitions for this engine
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: STRING.ICMP - 2 signatures - 3 of 15 engines
.Apr 20 07:12:57.045: %IPS-6-ENGINE_READY: STRING.ICMP - 52 ms - packets for this engine will be scanned
.Apr 20 07:12:57.045: %IPS-6-ENGINE_BUILDING: STRING.UDP - 24 signatures - 4 of 15 engines
.Apr 20 07:12:57.989: %IPS-6-ENGINE_READY: STRING.UDP - 944 ms - packets for this engine will be scanned
.Apr 20 07:12:57.989: %IPS-6-ENGINE_BUILDING: STRING.TCP - 125 signatures - 5 of 15 engines
Apr 20 07:13:39.955: %IPS-6-ENGINE_READY: STRING.TCP - 41976 ms - packets for this engine will be scanned
Apr 20 07:13:39.955: %IPS-6-ENGINE_BUILDING: SERVICE.FTP - 1 signatures - 6 of 15 engines
Apr 20 07:13:39.979: %IPS-6-ENGINE_READY: SERVICE.FTP - 24 ms - packets for this engine will be scanned
Apr 20 07:13:39.979: %IPS-6-ENGINE_BUILDING: SERVICE.SMTP - 3 signatures - 7 of 15 engines
Apr 20 07:13:40.043: %IPS-6-ENGINE_READY: SERVICE.SMTP - 64 ms - packets for this engine will be scanned
Apr 20 07:13:40.043: %IPS-6-ENGINE_BUILDING: SERVICE.RPC - 38 signatures - 8 of 15 engines
Apr 20 07:13:40.327: %IPS-6-ENGINE_READY: SERVICE.RPC - 284 ms - packets for this engine will be scanned
Apr 20 07:13:40.327: %IPS-6-ENGINE_BUILDING: SERVICE.DNS - 29 signatures - 9 of 15 engines
Apr 20 07:13:40.367: %IPS-6-ENGINE_READY: SERVICE.DNS - 40 ms - packets for this engine will be scanned
Apr 20 07:13:40.367: %IPS-6-ENGINE_BUILDING: SERVICE.HTTP - 100 signatures - 10 of 15 engines
Apr 20 07:13:49.340: %IPS-6-ENGINE_BUILDING: ATOMIC.TCP - 7 signatures - 11 of 15 engines
Apr 20 07:13:49.348: %IPS-6-ENGINE_READY: ATOMIC.TCP - 8 ms - packets for this engine will be scanned
Apr 20 07:13:49.348: %IPS-6-ENGINE_BUILDING: ATOMIC.UDP - 3 signatures - 12 of 15 engines
Apr 20 07:13:49.352: %IPS-6-ENGINE_READY: ATOMIC.UDP - 4 ms - packets for this engine will be scanned
Apr 20 07:13:49.352: %IPS-6-ENGINE_BUILDING: ATOMIC.ICMP - 3 signatures - 13 of 15 engines
Apr 20 07:13:49.352: %IPS-6-ENGINE_READY: ATOMIC.ICMP - 0 ms - packets for this engine will be scanned
Apr 20 07:13:49.352: %IPS-6-ENGINE_BUILDING: ATOMIC.IPOPTIONS - 2 signatures - 14 of 15 engines
Apr 20 07:13:49.356: %IPS-6-ENGINE_READY: ATOMIC.IPOPTIONS - 4 ms - packets for this engine will be scanned
Apr 20 07:13:49.356: %IPS-6-ENGINE_BUILDING: ATOMIC.L3.IP - 6 signatures - 15 of 15 engines
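
The console output above can be checked mechanically after the policy is applied to an interface. The following Python example is added here and is not part of the original page; it parses the %IPS-6-ENGINE_* messages and lists engines that logged ENGINE_BUILDING with no later ENGINE_READY or ENGINE_BUILD_SKIPPED, as SERVICE.HTTP does in the capture. The function names and the 10-second slow-build threshold are assumptions.

```python
import re

# Excerpt of the console output above (lines copied from this page).
SAMPLE_LOG = """\
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILDING: MULTI-STRING - 0 signatures - 2 of 15 engines
.Apr 20 07:12:56.993: %IPS-6-ENGINE_BUILD_SKIPPED: MULTI-STRING - there are no new signature definitions for this engine
.Apr 20 07:12:57.989: %IPS-6-ENGINE_BUILDING: STRING.TCP - 125 signatures - 5 of 15 engines
Apr 20 07:13:39.955: %IPS-6-ENGINE_READY: STRING.TCP - 41976 ms - packets for this engine will be scanned
Apr 20 07:13:40.367: %IPS-6-ENGINE_BUILDING: SERVICE.HTTP - 100 signatures - 10 of 15 engines
Apr 20 07:13:49.340: %IPS-6-ENGINE_BUILDING: ATOMIC.TCP - 7 signatures - 11 of 15 engines
Apr 20 07:13:49.348: %IPS-6-ENGINE_READY: ATOMIC.TCP - 8 ms - packets for this engine will be scanned
"""

# Message shape: %IPS-6-<EVENT>: <engine> - <detail>
MSG = re.compile(r"%IPS-6-(ENGINE_BUILDING|ENGINE_READY|ENGINE_BUILD_SKIPPED): (\S+) - (.*)")


def engine_status(log_text):
    """Return {engine: {"signatures", "state", "build_ms"}} from IPS syslog text."""
    engines = {}
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # unrelated syslog line
        event, name, detail = m.groups()
        rec = engines.setdefault(name, {"signatures": None, "state": "unknown", "build_ms": None})
        if event == "ENGINE_BUILDING":
            rec["signatures"] = int(detail.split()[0])  # "125 signatures - 5 of 15 engines"
            rec["state"] = "building"
        elif event == "ENGINE_READY":
            rec["build_ms"] = int(detail.split()[0])  # "41976 ms - packets for ..."
            rec["state"] = "ready"
        else:  # ENGINE_BUILD_SKIPPED
            rec["state"] = "skipped"
    return engines


def unconfirmed(engines):
    """Engines that started building but never logged READY or BUILD_SKIPPED."""
    return sorted(n for n, r in engines.items() if r["state"] == "building")


def slow_builds(engines, threshold_ms=10_000):
    """Engines whose reported build time exceeds threshold_ms (assumed threshold)."""
    return sorted(n for n, r in engines.items() if (r["build_ms"] or 0) > threshold_ms)


if __name__ == "__main__":
    status = engine_status(SAMPLE_LOG)
    print("no READY/SKIPPED seen:", unconfirmed(status), "slow:", slow_builds(status))
```

An engine listed by unconfirmed() only means the captured text holds no completion message for it; confirm the engine state on the router itself before drawing conclusions.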

Intrusion Prevention System signature version 5

  • IOS Release 12.4(15)T3 or later
  • Download the newest IOS IPS package from Cisco, format: IOS-Sxxx-CLI.pkg
  • Could not be tested, because the routers available did not have enough RAM to support the required IOS image

ip ips name B1rt1ips
ip ips config location flash:ips
!
ip ips notify sdee
!
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
interface FastEthernet0/0
 ip ips B1rt1ips in

  • Copy the IPS package to the router

copy ftp://ftp:ftppw@10.2.1.50/IOS-S340-CLI.pkg idconf
