Re: IDS configuration issues

From: Kal Han (calikali2006@gmail.com)
Date: Wed Sep 20 2006 - 18:19:46 ART


In the place where it shows the interfaces
(on the GUI, after you click the interfaces link...
I don't have the GUI so I can't tell where exactly it is).
But on the interfaces page, there is a checkbox kind of thing
with the heading of the table being "enable".
You have to check that checkbox to enable the interface.

On 9/20/06, 2nd CCIE <doubleccie@yahoo.com> wrote:
>
> Well ... I am not sure about your question.
>
> I have enabled the signature and made the alarm severity to high (sign
> 2000 and 2004),
> however I have never seen any alarms generated as high severity.
>
> The sensing interface is showing up on the sensor config\interfaces tab.
>
> Is there any other place where I need to enable the interface for certain
> signature?
>
>
> I tried also to enable some debugs on the switch to see if the SPAN is
> actually working ... but I never get anything as output of that ... I will try
> the Ethereal suggestion of Kal Han.
>
>
> Any suggestions will be appreciated.
>
> thanks
>
> Danshtr <danshtr@gmail.com> wrote:
> Have you enabled the interface on the signature tab?
>
> On 9/20/06, 2nd CCIE <doubleccie@yahoo.com> wrote:
> I did that ... I made the severity to be high ... however I have never seen
> anything on the IEV ... only informational severity increases ... but 0 high
> severity.
>
> How can I make sure that the switch is actually sending anything to the
> sensing interface?
>
> thanks for your help
>
> Kal Han <calikali2006@gmail.com> wrote:
> Hi
> Just enable ICMP echo and ICMP echo-reply signatures on the sensor,
> Add your sensor to the IEV and ping any host in vlan11.
> That triggers an event by the sensor ( if the monitoring
> is working and sending a copy of traffic to the sensor )
> and you can see the event on your IEV.
> Does this help ?
> Thanks
> Kal
>
>
> On 9/20/06, 2nd CCIE <doubleccie@yahoo.com> wrote:
> Hi Folks;
> I am trying to practise some IDS, I have an IDS 4.1.
>
> My setup is simple:
> PC --------sw1------------(sniff) IDS-(c&c)-------sw1-----------IEV
>
> I am using a separate VLAN for the PC and sniff port than the C&C port and
> IEV.
>
> The IEV can ping the C&C port, I can also log in via IDM to the sensor.
>
> My configuration on the switch is as follows:
>
> monitor session 1 source vlan 11 rx
> monitor session 1 destination interface Fa0/12
>
> My first question here is: how can I make sure that the monitoring
> is actually working and sends traffic to the sniff port of the IDS?
>
> I have access via IDM as well as keyboard and monitor.
>
> Can someone help with that so I can post my other questions? :)
>
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> --
> Best regards,
> Dan



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART
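
One way to check the thread's question ("how can I make sure that the monitoring is actually working") from a capture taken on the SPAN destination port, following the Ethereal suggestion. This is an added example, not part of the original thread: the function name and the sample capture are constructed here, and it assumes the capture was saved in classic libpcap format on an Ethernet link. It counts the ICMP echo and echo-reply frames that the ping test should produce.

```python
import struct

def icmp_echo_counts(pcap: bytes) -> dict:
    """Count ICMP echo requests/replies in a classic (non-pcapng) Ethernet pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts = {"frames": 0, "echo_request": 0, "echo_reply": 0}
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        counts["frames"] += 1
        pos = 12
        while frame[pos:pos + 2] == b"\x81\x00":   # skip 802.1Q tag(s), if any
            pos += 4
        ip = frame[pos + 2:]
        if frame[pos:pos + 2] != b"\x08\x00" or len(ip) < 20:
            continue                                # not IPv4
        if ip[0] >> 4 != 4 or ip[9] != 1:
            continue                                # not ICMP
        if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:
            continue                                # later fragment, no ICMP header
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) > ihl and ip[ihl] == 8:
            counts["echo_request"] += 1
        elif len(ip) > ihl and ip[ihl] == 0:
            counts["echo_reply"] += 1
    return counts

def _frame(icmp_type, vlan=None):
    """Constructed test frame: zeroed MACs/addresses, optional 802.1Q tag."""
    tag = b"\x81\x00" + struct.pack("!H", vlan) if vlan else b""
    ip = b"\x45\x00" + struct.pack("!H", 28) + bytes(5) + b"\x01" + bytes(10)
    return bytes(12) + tag + b"\x08\x00" + ip + bytes([icmp_type, 0]) + bytes(6)

# Constructed sample capture: echo request, VLAN 11-tagged echo reply, one ARP frame.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
for f in (_frame(8), _frame(0, vlan=11), bytes(12) + b"\x08\x06" + bytes(28)):
    SAMPLE += struct.pack("<IIII", 0, 0, len(f), len(f)) + f

if __name__ == "__main__":
    print(icmp_echo_counts(SAMPLE))
```

On a real capture, pass the file's bytes instead of `SAMPLE`; zero echo frames while the ping is running means the mirrored traffic is not reaching the port, independent of any signature or severity setting on the sensor.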