Re: [OSL | CCIE_Security] IOS IPS Sig Category

[Alexei Monastyrnyi]

I would second that and it is also stipulated on the main Cisco IOS IPS 
configuration guide. Better do it before you load stuff in idconf.

A.
On 6/16/2012 11:16 AM, Mike Rojas wrote:
What I do, (Prior compiling of course is retire all the signatures)

IP ips signature category
Category all
 enable false
 retire true

-------->
Compile the signautres

IP ips signature category
 category ios_ips  basic
  enable true
  retired false

 If I dont remember wrong, on the old IPS exam it explained that you 
needed to do that process in order to avoid the router to become 
unresponsive.

Mike

------------------------------------------------------------------------
From: eug...@koiossystems.com
To: kingsley.char...@gmail.com; ccie_security@onlinestudylist.com
Date: Fri, 15 Jun 2012 19:44:52 +0000
Subject: Re: [OSL | CCIE_Security] IOS IPS Sig Category

This is a list of all IOS IPS signature categories

R6(config-ips-category)#category ?

  adware/spyware         Adware/Spyware (more sub-categories)

  all                    All Categories

  attack                 Attack (more sub-categories)

  ddos                   DDoS (more sub-categories)

  dos                    DoS (more sub-categories)

  email                  Email (more sub-categories)

  instant_messaging      Instant Messaging (more sub-categories)

  ios_ips                IOS IPS (more sub-categories)

  l2/l3/l4_protocol      L2/L3/L4 Protocol (more sub-categories)

  network_services       Network Services (more sub-categories)

  os                     OS (more sub-categories)

  other_services         Other Services (more sub-categories)

  p2p                    P2P (more sub-categories)

  reconnaissance         Reconnaissance (more sub-categories)

  viruses/worms/trojans  Viruses/Worms/Trojans (more sub-categories)

  web_server             Web Server (more sub-categories)

ios_ips itself has basic and advanced subcategories

R6(config-ips-category)#category ios_ips ?

  advanced  Advanced

  basic     Basic

Yusuf is right, you need to retire everything except ios_ips basic

Eugene

*From:*ccie_security-boun...@onlinestudylist.com 
[mailto:ccie_security-boun...@onlinestudylist.com] *On Behalf Of 
*Kingsley Charles
*Sent:* Friday, June 15, 2012 4:58 AM
*To:* ccie_security@onlinestudylist.com
*Subject:* [OSL | CCIE_Security] IOS IPS Sig Category

Hi all

If we are asked to enable ios_basic_sigs, then first thing we need to 
retire all sigs and then enable the basic set. Now that can be in the 
following ways:


ip ips signature-category
  category all
   retired true
  category ios_ips basic
   retired false

ip ips signature-category
  category ios_ips
   retired true
  category ios_ips basic
   retired false


The "sh ip ips signature count" o/p shows that the retired sigs o/p 
are different for the two above configs. Yusuf has used the first one 
in his labs.


With regards
Kings


_______________________________________________ For more information 
regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check 
out www.PlatinumPlacement.com


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com