IDS & Spoofing -- PIX 6.3(4)

Discussion in 'Cisco' started by J1C, Dec 8, 2005.

  1. J1C

    J1C Guest

    What commands need to be configured to enable the IDS & anti-spoofing
    on the PIX 6.3(4)?

    I think I have it set up correctly, but would like to see what the
    experts say.

    Also, Kiwi is shooting this out now since I've configured it:

    12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37:
    %PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to
    255.255.255.255 on interface outside.

    Could someone explain that?
     
    J1C, Dec 8, 2005
    #1

  2. In article <>,
    J1C <> wrote:
    >What commands need to be configured to enable the IDS


    It is enabled by default, but if you want to change the
    parameters, you can, e.g.,

    ip audit name ids_outside_attack attack action alarm drop
    ip audit name ids_outside_info info action alarm
    ip audit interface outside ids_outside_info
    ip audit interface outside ids_outside_attack


    >& anti spoofing
    >on the PIX 6.3(4) ?


    ip verify reverse-path interface outside


    >I think I have it setup correctly, but would like to see what the
    >experts say.


    >Also, Kiwi is shooting this out now since I've configured it:
    >
    >12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37:
    >%PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to
    >255.255.255.255 on interface outside.
    >
    >Could someone explain that?


    What relationship does 192.168.1.80 bear to your inside or outside
    IP address ranges? The 10.98.74.1 in the log message would imply that
    your inside range is 10.98.74.x ?

    In any case, a system with 192.168.1.80 is outside and trying to
    broadcast data, /OR/ some host is inside but is not in the subnet of
    your inside interface address range, and you are missing a "route
    inside" statement for that range, and the host is trying to broadcast
    and the PIX is (because of the missing route) sending the packets
    outside (possibly NATing them into 192.168.1.80 on the way), and your
    WAN router is routing the packets back to the PIX, which is noticing
    that the 192.168.1.x packets should not have originated outside...
    --
    "No one has the right to destroy another person's belief by
    demanding empirical evidence." -- Ann Landers
     
    Walter Roberson, Dec 8, 2005
    #2
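As an added illustration (not part of the thread), a small parser for the 106021 line quoted above that applies the reasoning in the reply: it pulls out source, destination and interface, then checks the denied source against the inside ranges. The inside prefix 10.98.74.0/24 is an assumption inferred from the relay address in the log; replace it with the real ranges from the PIX config.

```python
import ipaddress
import re

# Constructed sample line in the shape quoted in the thread
# (Kiwi prefix followed by the PIX message).
SAMPLE_LINE = (
    "12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37: "
    "%PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to "
    "255.255.255.255 on interface outside."
)

# Assumed inside ranges (not from the thread); use the real ones.
INSIDE_NETS = [ipaddress.ip_network("10.98.74.0/24")]

MSG_RE = re.compile(
    r"%PIX-1-106021: Deny (?P<proto>\w+) reverse path check from "
    r"(?P<src>[\d.]+) to (?P<dst>[\d.]+) on interface (?P<iface>\w+)\.?"
)

def parse_106021(line):
    """Return the fields of a PIX 106021 message, or None if the line is not one."""
    m = MSG_RE.search(line)
    if not m:
        return None
    event = m.groupdict()
    event["src"] = ipaddress.ip_address(event["src"])
    event["dst"] = ipaddress.ip_address(event["dst"])
    return event

def classify(event, inside_nets=INSIDE_NETS):
    """Explain why the source failed the reverse-path check, as a list of notes."""
    src, dst, iface = event["src"], event["dst"], event["iface"]
    notes = []
    if dst == ipaddress.ip_address("255.255.255.255") or dst.is_multicast:
        notes.append("broadcast/multicast destination")
    in_inside = any(src in net for net in inside_nets)
    if iface == "outside" and in_inside:
        notes.append("source belongs to an inside range but arrived on outside")
    elif iface == "outside" and src.is_private:
        # The case the reply describes: a private source seen on the outside,
        # either a real outside host or an inside host missing a 'route inside'.
        notes.append("RFC1918 source on outside: check for a missing 'route inside' or a NAT loop")
    elif iface == "inside" and not in_inside:
        notes.append("inside host not covered by the inside interface subnet or any 'route inside'")
    return notes
```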
