Cisco IPS dropping packets

I am trying to set up the Cisco IPS on the front-facing interface of a 3845 router. Every time I enable the IPS, no packets are allowed to pass through the router. Without IPS, everything works fine (except there is no IPS). The moment I enable it, nothing can get through.

I have:

ip ips sdf location flash://sdmips.sdf
ip ips sdf location flash://256MB.sdf autosave
ip ips name sdm_ips_rule_IPS list IPS
.
.
interface GigabitEthernet0/0
 ip address 127.2.2.3 255.255.255.248

Reply to
BarrySDCA

Do not know the cause of your issue, however, you should be aware that Cisco issued a security advisory regarding the IPS feature

see

formatting link

Reply to
Merv

might be why IPS is crashed...thank you for this info.

Reply to
BarrySDCA

For security vulnerabilities, I believe you can get a newer image from the Cisco TAC if you do not have a Smartnet support agreement for the unit under test

Reply to
Merv

Are you allowed to define multiple sdf locations? How would the router know which to load?

Have you verified your IPS config, and that the signatures have actually loaded?

sh ip ips configuration
sh ip ips signatures

Best Regards, News Reader

Reply to
News Reader

I configured it without the location, so it will load signatures from the built-in ones. I know they are loading from the syslog generated. Here are the outputs. Thank you for your help. I continue to go in circles on this...

C3845#sh ip ips config
Configured SDF Locations: none
Builtin signatures are enabled and loaded
Last successful SDF load time: 20:38:21 Pacific Apr 13 2008
IPS fail closed is disabled
IPS deny-action ips-interface is false
Fastpath ips is enabled
Quick run mode is enabled
Event notification through syslog is enabled
Event notification through SDEE is disabled
Total Active Signatures: 132
Total Inactive Signatures: 0
Signature 1107:0 disable
IPS Rule Configuration
 IPS name sdm_ips_rule_IPS
   acl list IPS
Interface Configuration
 Interface GigabitEthernet0/0
  Inbound IPS rule is sdm_ips_rule_IPS
   acl list IPS
  Outgoing IPS rule is not set

C3845#sh ip ips signatures
Builtin signatures are configured
Builtin signatures are loaded

Cisco SDF release version S46.0
Trend SDF release version V0.0

Action=(A)larm,(D)rop,(R)eset,Deny-(H)ost,Deny-(F)low
*=Marked for Deletion  WF=WantFrag  Trait=AlarmTraits  MH=MinHits  AI=AlarmInterval
CT=ChokeThreshold  TI=ThrottleInterval  AT=AlarmThrottle  FA=FlipAddr

Signature Micro-Engine: OTHER (3 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
1202:0      Y  A      HIGH 0     0     0     100   15    FA N  Y  S37
1206:0      Y  A      INFO 0     0     0     100   15    FA N  Y  S37
3050:0      Y  A      HIGH 0     0     0     100   15    FA N     S37

Signature Micro-Engine: STRING.UDP (1 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
4100:0      Y  A      HIGH 0     0     0     100   15    FA N     S37

Signature Micro-Engine: STRING.TCP (3 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
3150:0      Y  A      INFO 0     1     0     100   15    FA N     S37
3151:0      Y  A      INFO 0     1     0     100   15    FA N     S37
3152:0      Y  A      MED  0     1     0     100   15    FA N     S37

Signature Micro-Engine: SERVICE.FTP (2 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
3153:0      Y  A      MED  0     0     0     100   15    FA N     S37
3154:0      Y  A      MED  0     0     0     100   15    FA N     S37

Signature Micro-Engine: SERVICE.SMTP (10 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
3100:0      Y  A      MED  0     0     0     100   15    FA N     S37
3101:0      Y  A      MED  0     0     0     100   15    FA N     S37
3102:0      Y  A      MED  0     0     0     100   15    FA N     S37
3103:0      Y  A      INFO 0     0     0     100   15    FA N     S37
3103:1      Y  A      INFO 0     0     0     100   15    FA N     S37
3104:0      Y  A      INFO 0     0     0     100   15    FA N     S37
3104:1      Y  A      INFO 0     0     0     100   15    FA N     S37
3105:0      Y  A      LOW  0     0     0     100   15    FA N     S37
3106:0      Y  A      LOW  0     250   0     100   15    FA N     S37
3107:0      Y  A      HIGH 0     0     0     100   15    FA N     S37

Signature Micro-Engine: SERVICE.RPC (26 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
6100:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
6100:1      Y  A      HIGH 0     0     0     100   30    FA N     S37
6101:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
6101:1      Y  A      HIGH 0     0     0     100   30    FA N     S37
6102:0      Y  A      MED  0     0     0     100   30    FA N     S37
6102:1      Y  A      MED  0     0     0     100   30    FA N     S37
6103:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6103:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6150:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6150:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6151:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6151:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6152:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6152:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6153:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6153:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6154:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6154:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6155:0      Y  A      LOW  0     0     0     100   30    FA N     S37
6155:1      Y  A      LOW  0     0     0     100   30    FA N     S37
6175:0      Y  A      LOW  0     0     0     100   30    FA N     S37
6175:1      Y  A      LOW  0     0     0     100   30    FA N     S37
6180:0      Y  A      MED  0     0     0     100   30    FA N     S37
6180:1      Y  A      MED  0     0     0     100   30    FA N     S37
6190:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
6190:1      Y  A      HIGH 0     0     0     100   30    FA N     S37

Signature Micro-Engine: SERVICE.DNS (23 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
6050:0      Y  A      LOW  0     0     0     100   30    FA N     S37
6050:1      Y  A      LOW  0     0     0     100   30    FA N     S37
6051:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6051:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6052:0      Y  A      MED  0     0     0     100   30    FA N     S37
6052:1      Y  A      MED  0     0     0     100   30    FA N     S37
6053:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6053:1      Y  A      INFO 0     0     0     100   30    FA N     S37
6054:0      Y  A      LOW  0     0     0     100   30    FA N     S37
6054:1      Y  A      LOW  0     0     0     100   30    FA N     S37
6055:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
6055:1      Y  A      HIGH 0     0     0     100   30    FA N     S37
6055:2      Y  A      HIGH 0     0     0     100   30    FA N     S37
6056:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
6056:1      Y  A      HIGH 0     0     0     100   30    FA N     S37
6056:2      Y  A      HIGH 0     0     0     100   30    FA N     S37
6057:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
6057:1      Y  A      HIGH 0     0     0     100   30    FA N     S37
6057:2      Y  A      HIGH 0     0     0     100   30    FA N     S37
6062:0      Y  A      LOW  0     0     0     100   30    FA N     S37
6062:1      Y  A      LOW  0     0     0     100   30    FA N     S37
6063:0      Y  A      INFO 0     0     0     100   30    FA N     S37
6063:1      Y  A      INFO 0     0     0     100   30    FA N     S37

Signature Micro-Engine: SERVICE.HTTP (24 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
3215:0      Y  A      MED  0     1     0     100   15    FA N     S37
3229:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
3233:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5034:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5035:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5041:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5043:1      Y  A      HIGH 0     1     0     100   15    FA N     S37
5043:2      Y  A      HIGH 0     1     0     100   15    FA N     S37
5043:3      Y  A      HIGH 0     1     0     100   15    FA N     S37
5044:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5045:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5050:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5055:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5071:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5081:0      Y  A      MED  0     1     0     100   15    FA N     S37
5090:0      Y  A      LOW  0     1     0     100   15    FA N     S37
5114:0      Y  A      MED  0     1     0     100   15    FA N     S37
5114:1      Y  A      MED  0     1     0     100   15    FA N     S37
5114:2      Y  A      MED  0     1     0     100   15    FA N     S37
5116:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5117:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5118:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5123:0      Y  A      HIGH 0     1     0     100   15    FA N     S37
5123:1      Y  A      HIGH 0     1     0     100   15    FA N     S37

Signature Micro-Engine: ATOMIC.TCP (6 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
3038:0      Y  A      HIGH 0     0     0     100   30    FA N  Y  S37
3039:0      Y  A      HIGH 0     0     0     100   30    FA N  Y  S37
3040:0      Y  A      HIGH 0     0     0     100   30    FA N  N  S37
3041:0      Y  A      HIGH 0     0     0     100   30    FA N  N  S37
3042:0      Y  A      HIGH 0     0     0     100   30    FA N  N  S37
3043:0      Y  A      HIGH 0     0     0     100   30    FA N  Y  S37

Signature Micro-Engine: ATOMIC.UDP (7 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
4050:0      Y  A      LOW  0     0     0     100   30    FA N     S37
4051:1      Y  A      LOW  0     0     0     100   30    FA N     S37
4051:2      Y  A      LOW  0     0     0     100   30    FA N     S37
4051:3      Y  A      LOW  0     0     0     100   30    FA N     S37
4052:1      Y  A      LOW  0     0     0     100   30    FA N     S37
4052:2      Y  A      LOW  0     0     0     100   30    FA N     S37
4600:0      Y  A      MED  0     0     0     100   30    FA N     S37

Signature Micro-Engine: ATOMIC.ICMP (14 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
2000:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2001:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2002:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2003:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2004:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2005:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2006:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2007:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2008:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2009:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2010:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2011:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2012:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2150:0      Y  A      INFO 0     0     0     100   30    FA N  Y  S37

Signature Micro-Engine: ATOMIC.IPOPTIONS (7 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
1000:0      Y  A      INFO 0     0     0     100   30    FA N     S37
1001:0      Y  A      INFO 0     0     0     100   30    FA N     S37
1002:0      Y  A      INFO 0     0     0     100   30    FA N     S37
1003:0      Y  A      INFO 0     0     0     100   30    FA N     S37
1004:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
1005:0      Y  A      INFO 0     0     0     100   30    FA N     S37
1006:0      Y  A      HIGH 0     0     0     100   30    FA N     S37

Signature Micro-Engine: ATOMIC.L3.IP (6 sigs)
SigID:SubID On Action Sev  Trait MH    AI    CT    TI    AT FA WF Version
----------- -- ------ ---- ----- ----- ----- ----- ----- -- -- -- -------
1101:0      Y  A      INFO 0     0     0     100   30    FA N     S37
1102:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
1104:0      Y  A      HIGH 0     0     0     100   30    FA N     S37
1107:0      N  A      INFO 0     0     0     100   30    FA N     S37
2151:0      Y  A      INFO 0     0     0     100   30    FA N     S37
2154:0      Y  A      HIGH 0     0     0     100   30    FA N  Y  S37

Total Active Signatures: 132
Total Inactive Signatures: 0

C3845#

On Apr 13, 9:52 am, News Reader wrote:

Reply to
BarrySDCA

I tried that too... I actually deleted the location lines and let it load from the built-in signatures. Still going in circles on this... Here are the outputs. Thank you!


Authorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!

User Access Verification

Username: Ali
Password:
C3845#config t
Enter configuration commands, one per line. End with CNTL/Z.
C3845(config)#ip ips name sdm_ips_rule_IPS list IPS
C3845(config)#int gigabitethernet0/0
C3845(config-if)# ip ips sdm_ips_rule_IPS in
C3845(config-if)# ip virtual-reassembly
C3845(config-if)#^Z
C3845#sh ips config
         ^
% Invalid input detected at '^' marker.

C3845#sh ip ips config
Configured SDF Locations: none
Builtin signatures are enabled and loaded
Last successful SDF load time: 20:38:21 Pacific Apr 13 2008
IPS fail closed is disabled
IPS deny-action ips-interface is false
Fastpath ips is enabled
Quick run mode is enabled
Event notification through syslog is enabled
Event notification through SDEE is disabled
Total Active Signatures: 132
Total Inactive Signatures: 0
Signature 1107:0 disable
IPS Rule Configuration
 IPS name sdm_ips_rule_IPS
   acl list IPS
Interface Configuration
 Interface GigabitEthernet0/0
  Inbound IPS rule is sdm_ips_rule_IPS
   acl list IPS
  Outgoing IPS rule is not set
C3845#sh ip ips signatures
Builtin signatures are configured
Builtin signatures are loaded


On Apr 13, 9:52 am, News Reader wrote:

Reply to
BarrySDCA
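
Added example, not part of the original thread: a Python script that reads `sh ip ips config` and `sh ip ips signatures` output like the paste above and reports two settings that can make IOS IPS discard traffic, namely fail-closed mode and enabled signatures whose action is anything other than alarm. The sample text is constructed in the thread's layout; signature 9999:0 and the concatenated `AD` action spelling are assumptions made to exercise the check.

```python
import re
from collections import Counter

# Legend printed by the router: Action=(A)larm,(D)rop,(R)eset,Deny-(H)ost,Deny-(F)low
ACTIONS = {"A": "alarm", "D": "drop", "R": "reset", "H": "deny-host", "F": "deny-flow"}

# One pattern for engine headers and signature rows. It is not anchored to
# line starts, so it also works on a paste whose line breaks were lost.
TOKEN_RE = re.compile(
    r"Signature Micro-Engine:\s+(?P<engine>\S+)\s+\((?P<count>\d+) sigs\)"
    r"|(?<!\S)(?P<sig>\d+:\d+)\s+(?P<on>[YN])\s+(?P<action>[ADRHF]+)\s+"
    r"(?P<sev>HIGH|MED|LOW|INFO)\b"
)
FAIL_CLOSED_RE = re.compile(r"IPS fail closed is (enabled|disabled)")

# Constructed sample: rows copied in the thread's layout, plus one invented
# row (9999:0, action "AD") that is NOT a signature from the thread.
SAMPLE_CONFIG = """\
Configured SDF Locations: none
Builtin signatures are enabled and loaded
IPS fail closed is disabled
Total Active Signatures: 132
"""
SAMPLE_SIGNATURES = """\
Signature Micro-Engine: OTHER (3 sigs)
SigID:SubID On Action Sev  Trait MH AI CT  TI AT FA WF Version
1202:0      Y  A      HIGH 0     0  0  100 15 FA N  Y  S37
1206:0      Y  A      INFO 0     0  0  100 15 FA N  Y  S37
3050:0      Y  A      HIGH 0     0  0  100 15 FA N     S37
Signature Micro-Engine: ATOMIC.L3.IP (2 sigs)
1107:0      N  A      INFO 0     0  0  100 30 FA N     S37
9999:0      Y  AD     HIGH 0     0  0  100 30 FA N     S37
"""


def parse_signatures(text):
    """Return (rows, declared): parsed rows and the count each engine header advertises."""
    rows, declared, engine = [], {}, None
    for m in TOKEN_RE.finditer(text):
        if m.group("engine"):
            engine = m.group("engine")
            declared[engine] = int(m.group("count"))
        elif engine is not None:
            rows.append({
                "engine": engine,
                "sig": m.group("sig"),
                "enabled": m.group("on") == "Y",
                "actions": [ACTIONS[c] for c in m.group("action")],
                "severity": m.group("sev"),
            })
    return rows, declared


def audit(config_text, sig_text):
    """Summarise what in the IPS state could discard packets."""
    rows, declared = parse_signatures(sig_text)
    seen = Counter(r["engine"] for r in rows)
    fc = FAIL_CLOSED_RE.search(config_text)
    return {
        # True/False from the config output, None if the line is missing
        "fail_closed": None if fc is None else fc.group(1) == "enabled",
        "enabled": sum(r["enabled"] for r in rows),
        "disabled": [r["sig"] for r in rows if not r["enabled"]],
        # enabled signatures that do more than raise an alarm
        "blocking": [(r["sig"], r["actions"]) for r in rows
                     if r["enabled"] and set(r["actions"]) - {"alarm"}],
        # engines whose parsed row count differs from the header (truncated paste)
        "count_mismatch": {e: (n, seen[e]) for e, n in declared.items() if seen[e] != n},
    }


if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG, SAMPLE_SIGNATURES)
    for key, value in report.items():
        print(f"{key}: {value}")
```

If `blocking` is empty and `fail_closed` is False, as in the output posted in this thread, neither of these two settings accounts for the traffic loss and the cause has to be looked for elsewhere.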

