It's pretty late and maybe I'm brain dead, but can someone keep me honest here? Echo request is sig #2004 and echo reply is #2000, right?
Thanks!

Andrew

From the "official" OEQ flash cards...

*Question:* What is the default signature ID number for ICMP echo-request and echo-reply packets when configuring signatures on the Cisco IPS sensor appliance?

*Correct Answer:* An ICMP echo-request is sig ID 2000 and an echo-reply is 2004.

*Explanation:* A signature is a set of rules that the Cisco IPS sensor uses to detect typical intrusive activity, network, and DoS attacks. As sensors scan network packets, they use signatures to detect known attacks and respond with actions that you define. Cisco IPS sensor contains a default signature definition policy called sig0, with over 1000 built-in default signatures. Not all of these signatures are enabled by default. You need to know some of the common default signature ID numbers to be able to enable them. You cannot rename or delete default signatures. You can tune built-in signatures by adjusting several signature parameters. Built-in signatures that have been modified are called tuned signatures. An ICMP echo request is signature ID 2000 and an echo reply is 2004.

*Your Answer:* echo request is 2004 and echo reply is 2000

And from the router:

R6#show ip ips signature sigid 2004 subid 0
En  - possible values are Y, Y*, N, or N*
      Y:    signature is enabled
      N:    enabled=false in the signature definition file
      *:    retired=true in the signature definition file
Cmp - possible values are Y, Ni, Nr, Nf, or No
      Y:    signature is compiled
      Ni:   signature not compiled due to invalid or missing parameters
      Nr:   signature not compiled because it is retired
      Nf:   signature compile failed
      No:   signature is obsoleted
Action=(A)lert, (D)eny, (R)eset, Deny-(H)ost, Deny-(F)low
Trait=alert-traits EC=event-count AI=alert-interval
GST=global-summary-threshold SI=summary-interval SM=summary-mode
SW=swap-attacker-victim SFR=sig-fidelity-rating Rel=release

SigID:SubID En Cmp  Action Sev  Trait EC   AI   GST   SI  SM SW SFR Rel
----------- -- ---- ------ ---  ----- ---- ---- ----- --- -- -- --- ---
2004:0      N* Nr   A      INFO 0     1    0    200   30  FA N  100 S1
     sig-name: ICMP Echo Request
     sig-string-info: My Sig Info
     sig-comment: Sig Comment
     Engine atomic-ip params:
          fragment-status :
          icmp-type : 8
          l4-protocol : icmp

R6#
