Need to Implement IDS / IPS on a CISCO 3845

Discussion in 'Cisco' started by The Doctor, Jul 17, 2012.

  1. The Doctor

    The Doctor Guest

    Hello,

    My sh ver indicates:

    Cisco IOS Software, 3800 Software (C3845-ADVENTERPRISEK9-M), Version 12.4(15)T6, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Mon 07-Jul-08 14:22 by prod_rel_team

    ROM: System Bootstrap, Version 12.4(13r)T10, RELEASE SOFTWARE (fc1)

    netknow uptime is 4 weeks, 6 days, 6 hours, 54 minutes
    System returned to ROM by power-on
    System restarted at 13:00:38 PCTime Wed Jun 13 2012
    System image file is "flash:c3845-adventerprisek9-mz.124-15.T6.bin"


    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to
    .

    Cisco 3845 (revision 1.0) with 708608K/77824K bytes of memory.
    Processor board ID FTX1233A5AV
    2 Gigabit Ethernet interfaces
    2 Virtual Private Network (VPN) Modules
    DRAM configuration is 64 bits wide with parity enabled.
    479K bytes of NVRAM.
    255488K bytes of ATA System CompactFlash (Read/Write)

    Configuration register is 0x2102


    end of show ver

    I would like to implement IDS / IPS and update accordingly.

    Also, my edited sh run:

    Current configuration : 33072 bytes
    !
    ! Last configuration change at 16:05:32 PCTime Mon Jul 2 2012 by web
    ! NVRAM config last updated at 16:05:34 PCTime Mon Jul 2 2012 by web
    !
    version 12.4
    no parser cache
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service compress-config
    service sequence-numbers
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200
    no logging rate-limit
    logging console critical
    enable secret level 5 5 $1$aL3Z$NlDaQ/X3vbHuS8tLclxAU.
    enable secret 5 $1$3EA4$rCq8Axa7a3ZketSxMvzFM.
    !
    no aaa new-model
    memory-size iomem 10
    clock timezone PCTime 0
    !
    crypto pki trustpoint TP-self-signed-3484789670
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3484789670
    revocation-check none
    rsakeypair TP-self-signed-3484789670
    !
    !
    crypto pki certificate chain TP-self-signed-3484789670
    certificate self-signed 01
    quit
    dot11 syslog
    no ip cef

    ip nbar resources protocol 3600 skype
    ip nbar resources protocol 3600 directconnect
    ip nbar resources protocol 3600 bittorrent
    ip nbar resources protocol 3600 winmx
    ip nbar resources protocol 3600 edonkey
    ip nbar resources protocol 3600 rtcp
    ip nbar resources protocol 3600 sip
    ip nbar resources protocol 3600 h323
    ip nbar resources protocol 3600 skinny
    ip nbar resources protocol 3600 mgcp
    ip nbar resources protocol 3600 rtp
    ip nbar resources protocol 3600 rtsp
    ip nbar resources protocol 3600 custom-10
    ip nbar resources protocol 3600 custom-09
    ip nbar resources protocol 3600 custom-08
    ip nbar resources protocol 3600 custom-07
    ip nbar resources protocol 3600 custom-06
    ip nbar resources protocol 3600 custom-05
    ip nbar resources protocol 3600 custom-04
    ip nbar resources protocol 3600 custom-03
    ip nbar resources protocol 3600 custom-02
    ip nbar resources protocol 3600 custom-01
    ip nbar resources protocol 3600 kazaa2
    ip nbar resources protocol 3600 gnutella
    ip nbar resources protocol 3600 fasttrack
    ip nbar resources protocol 3600 citrix
    ip nbar resources protocol 3600 streamwork
    ip nbar resources protocol 3600 sunrpc
    ip nbar resources protocol 3600 netshow
    ip nbar resources protocol 3600 rcmd
    ip nbar resources protocol 3600 sqlnet
    ip nbar resources protocol 3600 vdolive
    ip nbar resources protocol 3600 exchange
    ip nbar resources protocol 3600 tftp
    ip nbar resources protocol 3600 novadigm
    ip nbar resources protocol 3600 printer
    ip nbar resources protocol 3600 xwindows
    ip nbar resources protocol 3600 secure-ftp
    ip nbar resources protocol 3600 secure-telnet
    ip nbar resources protocol 3600 telnet
    ip nbar resources protocol 3600 syslog
    ip nbar resources protocol 3600 ssh
    ip nbar resources protocol 3600 socks
    ip nbar resources protocol 3600 snmp
    ip nbar resources protocol 3600 smtp
    ip nbar resources protocol 3600 rsvp
    ip nbar resources protocol 3600 rip
    ip nbar resources protocol 3600 pptp
    ip nbar resources protocol 3600 secure-pop3
    ip nbar resources protocol 3600 pop3
    ip nbar resources protocol 3600 pcanywhere
    ip nbar resources protocol 3600 ntp
    ip nbar resources protocol 3600 notes
    ip nbar resources protocol 3600 secure-nntp
    ip nbar resources protocol 3600 nntp
    ip nbar resources protocol 3600 nfs
    ip nbar resources protocol 3600 netbios
    ip nbar resources protocol 3600 sqlserver
    ip nbar resources protocol 3600 secure-ldap
    ip nbar resources protocol 3600 ldap
    ip nbar resources protocol 3600 l2tp
    ip nbar resources protocol 3600 kerberos
    ip nbar resources protocol 3600 secure-irc
    ip nbar resources protocol 3600 irc
    ip nbar resources protocol 3600 secure-imap
    ip nbar resources protocol 3600 imap
    ip nbar resources protocol 3600 secure-http
    ip nbar resources protocol 3600 gopher
    ip nbar resources protocol 3600 finger
    ip nbar resources protocol 3600 dns
    ip nbar resources protocol 3600 dhcp
    ip nbar resources protocol 3600 cuseeme
    ip nbar resources protocol 3600 bgp
    ip nbar resources protocol 3600 ospf
    ip nbar resources protocol 3600 ipsec
    ip nbar resources protocol 3600 ipinip
    ip nbar resources protocol 3600 eigrp
    ip nbar resources protocol 3600 icmp
    ip nbar resources protocol 3600 gre
    ip nbar resources protocol 3600 egp
    !
    !
    no ip bootp server
    ip domain name nk.ca
    ip host ...

    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    multilink bundle-name authenticated
    !
    voice-card 0
    no dspfarm
    !
    !
    username ...

    archive
    log config
    hidekeys
    !
    !
    ip tcp synwait-time 10
    !
    !

    interface GigabitEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$
    ip address <internal interface>
    ip access-group 102 in
    ip access-group 105 out
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip policy route-map <map>
    load-interval 30
    duplex auto
    speed auto
    media-type rj45
    ntp broadcast
    no cdp enable
    no mop enabled

    interface GigabitEthernet0/1
    ip address 74.123.69.58 255.255.255.252
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip accounting output-packets
    ip accounting precedence input
    ip accounting precedence output
    ip accounting access-violations
    ip nbar protocol-discovery
    ip route-cache flow
    no ip mroute-cache
    load-interval 30
    duplex full
    speed 100
    media-type rj45
    no mop enabled
    hold-queue 100 in
    !
    no ip forward-protocol nd

    Ip routing including 0.0.0.0 0.0.0.0

    logging trap debugging


    access-lists

    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    no cdp run
    arp 204.209.81.3 00e0.8134.8364 ARPA

    route-map nonat permit 10
    match ip address 188
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    banner exec ^C
    % Password expiration warning.
    -----------------------------------------------------------------------

    Cisco Router and Security Device Manager (SDM) is installed on this device and
    it provides the default username "cisco" for one-time use. If you have already
    used the username "cisco" to login to the router and your IOS image supports the
    "one-time" user option, then this username has already expired. You will not be
    able to login to the router with this username after you exit this session.

    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.

    username <myuser> privilege 15 secret 0 <mypassword>

    Replace <myuser> and <mypassword> with the username and password you want to
    use.

    -----------------------------------------------------------------------
    ^C
    banner login ^CCCCCCCOnly authorized users allowed^C
    !
    line con 0
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input pad telnet rlogin udptn v120 ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    login
    transport input none
    !
    scheduler allocate 20000 1000
    ntp clock-period 17207749
    ntp source GigabitEthernet0/0
    ntp server 204.209.81.1
    !
    end

    end of sh run

    Anything else I need to give you?
    --
    Member - Liberal International This is Ici
    God,Queen and country!Never Satan President Republic!Beware AntiChrist rising!
    http://www.fullyfollow.me/rootnl2k
    That church which changes with the times cannot also be abiding in Christ
     
    The Doctor, Jul 17, 2012
    #1

  2. The Doctor

    tomslack34

    Joined:
    Mar 15, 2013
    Messages:
    3
    This is what I call an informative and helpful article.
     
    tomslack34, Mar 15, 2013
    #2

  3. The Doctor

    Headset Adapter Co.

    Joined:
    Mar 20, 2013
    Messages:
    2
    Location:
    www.headsetadapter.com
    Try to Google for "cisco ios ids" (sorry, forum does not allow posting links). Generally, you have to start auditing traffic to get some results.

    Good luck,

    Mike / CCNP, CCDP, CCSP, CCVP
    Headset Adapter Co.
     
    Headset Adapter Co., Mar 20, 2013
    #3
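
A minimal IOS IPS setup of the kind this thread asks about, as an added example that is not part of any post above. It assumes the 12.4(15)T6 image from the first post takes 5.x-format signature packages; IOSIPS, flash:ips and every value in angle brackets are placeholders, not values from the thread.

```cisco
! Added example, not from the thread. <angle-bracket> values are placeholders;
! IOSIPS and flash:ips are illustrative names (assumptions).
!
! exec mode: create a directory to hold the signature definition files
mkdir flash:ips
!
! config mode (configure terminal)
! Cisco's public key used to verify signature packages. Paste the key text
! published with the package between "key-string" and "quit".
crypto key pubkey-chain rsa
 named-key realm-cisco.pub signature
  key-string
   <contents of the realm-cisco.pub key file>
  quit
!
ip ips name IOSIPS
ip ips config location flash:ips
! Send IPS alerts through the router's normal logging (syslog / log buffer)
ip ips notify log
!
! Retire every signature first, then un-retire only the basic set, so the
! router does not try to compile the whole package into memory.
ip ips signature-category
 category all
  retired true
 category ios_ips basic
  retired false
!
! Inspect traffic arriving on the Internet-facing interface of the posted config
interface GigabitEthernet0/1
 ip ips IOSIPS in
end
!
! exec mode: load the signature package. "idconf" tells the router to
! compile it. Repeating this with a newer package updates the signatures.
copy tftp://<tftp-server>/IOS-S<version>-CLI.pkg idconf
!
! exec mode: confirm the rule is bound and signatures compiled
show ip ips configuration
show ip ips signature count
```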