Re: [OSL | CCIE_Security] IOS IPS Sig Category

[Mike Rojas]

What I do, (Prior compiling of course is retire all the signatures) 

IP ips signature category
Category all 
 enable false 
 retire true 

-------->
Compile the signautres

IP ips signature category 
 category ios_ips  basic 
  enable true 
  retired false 

 If I dont remember wrong, on the old IPS exam it explained that you needed to 
do that process in order to avoid the router to become unresponsive. 

Mike 

From: eug...@koiossystems.com
To: kingsley.char...@gmail.com; ccie_security@onlinestudylist.com
Date: Fri, 15 Jun 2012 19:44:52 +0000
Subject: Re: [OSL | CCIE_Security] IOS IPS Sig Category









This is a list of all IOS IPS signature categories
 
R6(config-ips-category)#category ?
  adware/spyware         Adware/Spyware (more sub-categories)
  all                    All Categories
  attack                 Attack (more sub-categories)
  ddos                   DDoS (more sub-categories)
  dos                    DoS (more sub-categories)
  email                  Email (more sub-categories)
  instant_messaging      Instant Messaging (more sub-categories)
  ios_ips                IOS IPS (more sub-categories)
  l2/l3/l4_protocol      L2/L3/L4 Protocol (more sub-categories)
  network_services       Network Services (more sub-categories)
  os                     OS (more sub-categories)
  other_services         Other Services (more sub-categories)
  p2p                    P2P (more sub-categories)
  reconnaissance         Reconnaissance (more sub-categories)
  viruses/worms/trojans  Viruses/Worms/Trojans (more sub-categories)
  web_server             Web Server (more sub-categories)
 
ios_ips itself has basic and advanced subcategories
 
R6(config-ips-category)#category ios_ips ?
  advanced  Advanced
  basic     Basic
 
Yusuf is right, you need to retire everything except ios_ips basic

 
Eugene
 

From: ccie_security-boun...@onlinestudylist.com 
[mailto:ccie_security-boun...@onlinestudylist.com]
On Behalf Of Kingsley Charles

Sent: Friday, June 15, 2012 4:58 AM

To: ccie_security@onlinestudylist.com

Subject: [OSL | CCIE_Security] IOS IPS Sig Category

 
Hi all



If we are asked to enable ios_basic_sigs, then first thing we need to retire 
all sigs and then enable the basic set. Now that can be in the following ways:





ip ips signature-category

  category all

   retired true

  category ios_ips basic

   retired false



ip ips signature-category

  category ios_ips

   retired true

  category ios_ips basic

   retired false





The "sh ip ips signature count" o/p shows that the retired sigs o/p are 
different for the two above configs. Yusuf has used the first one in his labs.





With regards

Kings




_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com                                         
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com