RE: IDS - sensing interfaces

From: Christopher M. Heffner (cheffner@certified-labs.com)
Date: Fri Dec 02 2005 - 03:39:20 GMT-3


Multiple virtual sensor groups are NOT supported at this time. Cisco
documentation has said since 4.x software that you could do this but you
actually can't. Version 5.1 will be available soon but it will not
support virtual sensors either. The first version to supposedly support
virtual sensors will be 6.x.

Hope this helps.

Later.

Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
VP of Internetworking Technologies

www.certified-labs.com

"Complete CCIE R&S and Security Online Rack Rentals"

 
 
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Farrukh Haroon
Sent: Thursday, December 01, 2005 11:16 PM
To: Tim
Cc: Security@Groupstudy. com (E-mail); ccielab@groupstudy.com
Subject: Re: IDS - sensing interfaces

Tim, AFAIK signatures are processed on a per 'logical group' basis. By
default all sensing interfaces are placed in logical group 0. You can
create separate logical groups, and then move those particular
interface(s) from the default logical group to the new one:

interface group 0
    no sensing-interface int2,3
    sensing-interface int0,int1

interface group 1
    sensing-interface int2,int3

and so on...

for IDM Configuration >> Sensing Engine >> Interface Groups

by default 'virtualSensor' is defined, associated with the default
(logical) interface group 0

However, I don't think the sensor currently supports creating a separate
virtual sensor other than the default 'virtualSensor' (at least not in
4.1).

From the student guide:

"The virtualSensor provides the ability to run multiple virtual Sensors
on the same appliance, each configured with different signature behavior
and traffic feeds. Although only one virtualSensor is supported in Cisco
IDS 4.x software, the basic infrastructure is in place to support
multiple virtualSensors in future versions."

So what you are trying to achieve is not possible with 4.1 and older
versions. I don't know about 5.0.

HTH

Regards

Farrukh

On 12/2/05, Tim <ccie2be@nyc.rr.com> wrote:
>
> Hi guys,
>
>
>
> Can the types of intrusions being monitored for be different on
> different sensing interfaces on the same IDS device?
>
>
>
> For example, let's say an IDS has 3 sensing interfaces each monitoring
> different subnets.
>
>
>
> On one subnet - the outside untrusted subnet, I want to monitor for
> DOS attacks and some other things but on my inside, trusted subnets I
> don't want to monitor for DOS attacks.
>
>
>
> Is this possible? And, if so, how would I configure this?
>
>
>
> Thanks, Tim
>



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3