Hi Dan, Check out NBAR. It does deep packet inspection (router looks at layer 4 to 7 as well) and actively prevents an attack from happening (at least cisco will try to tell you that), rather than just reporting it like most open source IDS. So I guess NBAR is an IPS, since it actually prevents an attack from happening by looking at traffic flow characteristics and other fun things. I think most recent IOS version support it. Your router needs to be CEF capable.
Regards -- Markus On Apr 15, 2010, at 4:20 PM, Daniel Bwente wrote: > Hi Kyle > > Its a Networking deployment am desgining, and am restricted to using only the > Cisco Devices already at the Location, > > Cheers > > On Thu, Apr 15, 2010 at 2:13 PM, Kyle Spencer <[email protected]> wrote: > Any specific reason why you <3 Cisco? > > I'd recommend Snort -- http://www.snort.org > > > > On Thu, 2010-04-15 at 13:30 +0100, Daniel Bwente wrote: > > Hi Guys > > > > Am looking to implement an adhoc Cisco Based IDS, any pointers on how > > i could go about it? I don't have the IDS appliace nor do i posses the > > Router /Switch IDS modules, could i achieve an IDS solution using > > Cisco Devices any other way? I do have a PIX, ASA and Router at my > > disposal, > > > > Cheers > > > > -- > > Dan > > +256-071-2-552035 > > > > "You won't have eyes tonight. You won't have ears or a tongue. you > > will wander the underworld blind, deaf and dumb and all the dead will > > know; This is Hector: the fool who thought he killed Achilles." > > _______________________________________________ > > LUG mailing list > > [email protected] > > http://kym.net/mailman/listinfo/lug > > > > LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > > > All Archives can be found at http://www.mail-archive.com/[email protected]/ > > > > The above comments and data are owned by whoever posted them (including > > attachments if any). The List's Host is not responsible for them in any way. > > --------------------------------------- > > > > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > > LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > All Archives can be found at http://www.mail-archive.com/[email protected]/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The List's Host is not responsible for them in any way. > --------------------------------------- > > > > > -- > Dan > +256-071-2-552035 > > "You won't have eyes tonight. You won't have ears or a tongue. you will > wander the underworld blind, deaf and dumb and all the dead will know; This > is Hector: the fool who thought he killed Achilles." > _______________________________________________ > LUG mailing list > [email protected] > http://kym.net/mailman/listinfo/lug > > LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ > > All Archives can be found at http://www.mail-archive.com/[email protected]/ > > The above comments and data are owned by whoever posted them (including > attachments if any). The List's Host is not responsible for them in any way. > --------------------------------------- >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug LUG is generously hosted by INFOCOM http://www.infocom.co.ug/ All Archives can be found at http://www.mail-archive.com/[email protected]/ The above comments and data are owned by whoever posted them (including attachments if any). The List's Host is not responsible for them in any way. ---------------------------------------
