Re: IDS configuration issues

From: Kal Han (calikali2006@gmail.com)
Date: Wed Sep 20 2006 - 15:05:37 ART

• Next message: 2nd CCIE: "Re: IDS configuration issues"
• Previous message: Brian Dennis: "RE: TCL script"
• Maybe in reply to: 2nd CCIE: "IDS configuration issues"
• Next in thread: 2nd CCIE: "Re: IDS configuration issues"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi
Just enable ICMP echo and ICMP echo-reply signatures on the sensor,
Add your sensor to the IEV and ping any host in vlan11.
That triggers an event by the sensor ( if the monitoring
is working and sending a copy of traffic to the sensor )
and you can see the event on your IEV.
Does this help ?
Thanks
Kal

On 9/20/06, 2nd CCIE <doubleccie@yahoo.com> wrote:
>
> Hi Folks ;
> I am trying to practise some IDS , I have an IDS 4.1 .
>
> my setup is simple PC --------sw1------------(sniff)
> IDS-(c&c)-------sw1-----------IEV
>
> I am using separate vlan for the PC and Sniff port than the C&C port and
> IEV
>
> the IEV can ping the cc port , I can also login via IDM to the sensor
>
> my configuration on the switch is as follows
>
> monitor session 1 source vlan 11 rx
> monitor session 1 destination interface Fa0/12
>
> my first question here is that ..how can i make sure that the monitoring
> is actually working and sends traffic to the sniff port of the IDS ???
>
> I have access via IDM as well as keyboard and monitor .
>
> can someone help that so i can post my other questions ?:)
>
>
>
>
> ---------------------------------
> How low will we go? Check out Yahoo! Messengers low PC-to-Phone call
> rates.

• Next message: 2nd CCIE: "Re: IDS configuration issues"
• Previous message: Brian Dennis: "RE: TCL script"
• Maybe in reply to: 2nd CCIE: "IDS configuration issues"
• Next in thread: 2nd CCIE: "Re: IDS configuration issues"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART