IDS & Spoofing -- PIX 6.3(4)

What commands need to be configured to enable the IDS & anti spoofing on the PIX 6.3(4) ?

I think I have it setup correctly, but would like to see what the experts say.

Also, Kiwi is shooting this out now since I've configured it:

12-08 12:42:59 Local4.Alert Dec 08 2005 08:41:37: %PIX-1-106021: Deny udp reverse path check from to on interface outside.

Could someone explain that?

Reply to
Loading thread data ...

It is enabled by default, but if you want to change the parameters, you can, e.g.,

ip audit name ids_outside_attack attack action alarm drop ip audit name ids_outside_info info action alarm ip audit interface outside ids_outside_info ip audit interface outside ids_outside_attack

ip verify reverse-path

What relationship does bear to your inside or outside IP address ranges? The in the log message would imply that your inside range is 10.98.74.x ?

In any case, a system with is outside and trying to broadcast data, /OR/ some host is inside but is not in the subnet of your inside interface address range, and you are missing a "route inside" statement for that range, and the host is trying to broadcast and the PIX is (because of the missing route) sending the packets outside (possibly nating them into on the way), and your WAN router is routing the packets back to the PIX which is noticing that the 192.168.1.x packets should not have originated outside...

Reply to
Walter Roberson Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.