HI,
We have cisco pix 515E now we want to turn on the IDS feature to block some attacks. but something fundamental I don't understand..... the IDS has about 60 signatures for example detecting Fyn scans. or signature 8000 FTP retrieve password file.. now.... what did the pix when those attacks passed before enabling the IDS? did he watched for those attacks ? in the first step we will configure the ids to just report to a syslog but in the second stage it will configure to drop those attcaks. but didn't the pix already dropped those attacks before the IDS was torned on? also, if its dropped packets and the traffic sure passed throw the pix, why isn't it called IPS?
thank you all !!
Juan