Velocity Reviews - Computer Hardware Reviews

IDS & Spoofing -- PIX 6.3(4)

 
 
J1C
 
      12-08-2005
What commands need to be configured to enable the IDS & anti-spoofing
on the PIX 6.3(4)?

I think I have it set up correctly, but would like to see what the
experts say.

Also, Kiwi is shooting this out now since I've configured it:

12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37:
%PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to
255.255.255.255 on interface outside.

Could someone explain that?

Walter Roberson
 
      12-08-2005
In article <(E-Mail Removed) .com>,
J1C <(E-Mail Removed)> wrote:
>What commands need to be configured to enable the IDS


It is enabled by default, but if you want to change the
parameters, you can, e.g.,

ip audit name ids_outside_attack attack action alarm drop
ip audit name ids_outside_info info action alarm
ip audit interface outside ids_outside_info
ip audit interface outside ids_outside_attack


>& anti-spoofing
>on the PIX 6.3(4)?


ip verify reverse-path


>I think I have it set up correctly, but would like to see what the
>experts say.


>Also, Kiwi is shooting this out now since I've configured it:
>
>12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37:
>%PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to
>255.255.255.255 on interface outside.
>
>Could someone explain that?


What relationship does 192.168.1.80 bear to your inside or outside
IP address ranges? The 10.98.74.1 in the log message would imply that
your inside range is 10.98.74.x?

In any case, a system with 192.168.1.80 is outside and trying to
broadcast data, /OR/ some host is inside but is not in the subnet of
your inside interface address range, and you are missing a "route
inside" statement for that range, and the host is trying to broadcast
and the PIX is (because of the missing route) sending the packets
outside (possibly NATing them into 192.168.1.80 on the way), and your
WAN router is routing the packets back to the PIX which is noticing
that the 192.168.1.x packets should not have originated outside...
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers
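The reverse-path reasoning above and the %PIX-1-106021 message from the first post, modelled in Python as an added example (this is not code from the thread and not Cisco's implementation): a simplified strict unicast RPF check run over a routing table, plus a field extractor for the syslog line so the deny can be replayed against that table. The routing table, the interface names and the 192.168.1.0/24 placement are assumptions built from the thread.

```python
import ipaddress
import re

# Constructed routing table modelled on the thread (assumption): the inside
# LAN 10.98.74.0/24, a second internal subnet 192.168.1.0/24 reached through
# the inside interface, and a default route out the outside interface.
ROUTES = [
    ("10.98.74.0/24", "inside"),
    ("192.168.1.0/24", "inside"),
    ("0.0.0.0/0", "outside"),
]

def best_route(routes, addr):
    """Longest-prefix match: returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(n), i) for n, i in routes
               if ip in ipaddress.ip_network(n)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def strict_rpf(routes, ingress, src):
    """Simplified strict unicast RPF (the idea behind 'ip verify reverse-path',
    not Cisco's code): a packet passes only when the route back to its source
    points out the interface it arrived on. Returns (allowed, explanation)."""
    route = best_route(routes, src)
    if route is None:
        return False, f"no route to {src}"
    net, iface = route
    if iface == ingress:
        return True, f"{src} is reachable via {ingress} ({net})"
    return False, f"{src} belongs behind {iface} ({net}), but arrived on {ingress}"

# Field extractor for the %PIX-1-106021 message quoted in the thread.
LOG_RE = re.compile(r"%PIX-1-106021: Deny (\w+) reverse path check from "
                    r"(\S+) to (\S+) on interface (\w+)")

def parse_106021(line):
    m = LOG_RE.search(line)
    if not m:
        return None
    proto, src, dst, iface = m.groups()
    return {"proto": proto, "src": src, "dst": dst, "iface": iface}

def explain_log(line, routes=ROUTES):
    """Parse a 106021 deny and replay the reverse-path check against the table."""
    fields = parse_106021(line)
    if fields is None:
        return None
    allowed, why = strict_rpf(routes, fields["iface"], fields["src"])
    return {**fields, "allowed": allowed, "why": why}
```

Dropping the 192.168.1.0/24 entry from ROUTES reproduces the missing "route inside" case: the host's packets then match only the default route, so a strict check on the inside interface rejects them.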