IDS & Spoofing -- PIX 6.3(4)

What commands need to be configured to enable the IDS & anti-spoofing on the PIX 6.3(4)?

I think I have it setup correctly, but would like to see what the experts say.

Also, Kiwi is shooting this out now since I've configured it:

12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37: %PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to 255.255.255.255 on interface outside.

Could someone explain that?

J1C

It is enabled by default, but if you want to change the parameters, you can, e.g.,

ip audit name ids_outside_attack attack action alarm drop
ip audit name ids_outside_info info action alarm
ip audit interface outside ids_outside_info
ip audit interface outside ids_outside_attack

ip verify reverse-path interface outside

What relationship does 192.168.1.80 bear to your inside or outside IP address ranges? The 10.98.74.1 in the log message would imply that your inside range is 10.98.74.x?

In any case, a system with 192.168.1.80 is outside and trying to broadcast data, /OR/ some host is inside but is not in the subnet of your inside interface address range, and you are missing a "route inside" statement for that range, and the host is trying to broadcast and the PIX is (because of the missing route) sending the packets outside (possibly NATing them into 192.168.1.80 on the way), and your WAN router is routing the packets back to the PIX which is noticing that the 192.168.1.x packets should not have originated outside...

Walter Roberson
