Network Security Firewalls

Re: IOS IDS configuration

Subject: Re: IOS IDS configuration
Date: Mon, 27 Sep 2004 21:11:42 -0500
Thanks, I do understand how to actually delete a line.
I was wondering if there is any benefit to doing so.
For instance, I was trying to do some admin. from home
but could not get my config to copy to a TFTP server
at home via internet - didn't know if the ip inspect tftp
line had something to do with it - and why are some of
these on eth_0 and some on eth_1??

Type the line you wish to delete with a 'no' in front of it, should do it.
(eg 'no ip inspect name Ethernet_0_1 ftp')


Dan Tesch wrote:

Hi, we have the IOSIDS functions enabled in our 2611
and I have read the docs but don't know if I can
disable single lines in the config.

example:

ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name Ethernet_0_1 smtp
ip inspect name Ethernet_0_1 ftp
ip inspect name Ethernet_0_1 tcp
ip inspect name Ethernet_0_1 udp
ip inspect name Ethernet_0_1 cuseeme
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 udp
ip inspect name Ethernet_0_0 cuseeme
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 h323
ip inspect name Ethernet_0_0 rcmd
ip inspect name Ethernet_0_0 realaudio
ip inspect name Ethernet_0_0 smtp
ip inspect name Ethernet_0_0 streamworks
ip inspect name Ethernet_0_0 vdolive
ip inspect name Ethernet_0_0 sqlnet
ip inspect name Ethernet_0_0 tftp
ip audit notify log
ip audit po max-events 100

These appear to be defaults. If I am not using something like
vdolive, sqlnet, streamworks, realaudio, etc., can I delete the lines?
Are there some helpful extra parameters anyone can suggest?

Thanks
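
An added example, not part of the original thread: a small Python script that groups `ip inspect name` lines by rule name, shows which protocols one rule inspects that the other does not, and prints the `no ...` removal commands in the form given in the reply. The function names and the `keep` set are assumptions for illustration, and the sample config is constructed from a subset of the lines quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the lines quoted in the thread.
SAMPLE_CONFIG = """\
ip inspect max-incomplete high 1100
ip inspect name Ethernet_0_1 smtp
ip inspect name Ethernet_0_1 ftp
ip inspect name Ethernet_0_1 tcp
ip inspect name Ethernet_0_0 tcp
ip inspect name Ethernet_0_0 ftp
ip inspect name Ethernet_0_0 vdolive
ip inspect name Ethernet_0_0 sqlnet
ip inspect name Ethernet_0_0 tftp
ip audit notify log
"""

# Matches "ip inspect name <rule-name> <protocol>"; other lines are ignored.
RULE_RE = re.compile(r"^ip inspect name (\S+) (\S+)")

def parse_rules(config_text):
    """Return {rule_name: [protocol, ...]} in config order."""
    rules = defaultdict(list)
    for line in config_text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules[m.group(1)].append(m.group(2))
    return dict(rules)

def removal_commands(config_text, keep):
    """Build 'no ...' lines for every inspected protocol not in `keep`."""
    cmds = []
    for name, protos in parse_rules(config_text).items():
        cmds.extend(f"no ip inspect name {name} {p}"
                    for p in protos if p not in keep)
    return cmds

def rule_diff(config_text, a, b):
    """Protocols inspected under rule `a` but not under rule `b`."""
    rules = parse_rules(config_text)
    return sorted(set(rules.get(a, [])) - set(rules.get(b, [])))

if __name__ == "__main__":
    # Assumption: the protocols this site actually wants inspected.
    keep = {"tcp", "udp", "ftp", "smtp", "tftp"}
    for cmd in removal_commands(SAMPLE_CONFIG, keep):
        print(cmd)
    print(rule_diff(SAMPLE_CONFIG, "Ethernet_0_0", "Ethernet_0_1"))
```

Review the generated commands against the traffic each interface really carries before pasting them into the router, since the script only compares names and cannot tell which protocols are in use.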


