COMPUTER TIPS
How to configure the Cisco IOS IDS step by step?
IDS stands for Intrusion Detection System. An IDS is used to monitor network traffic and collect detailed information about network attacks. When the IDS identifies malicious traffic, it reports an alert to the management system (for example, Kiwi Syslog Service Manager). The IDS generates different types of information about network attacks (for example, alerts, critical conditions, debugging messages, system is unusable, warning conditions, normal but significant conditions, and other informational messages), and you can then set the alarm or reset action for the matching signatures.
Follow this lab to configure the IDS to detect malicious traffic:
Configurations on Router
In global configuration Mode:
Router(config)# logging on
Router(config)# logging console
(enable logging on router console)
Router(config)# logging host 40.1.1.2
(specify the syslog server address; here we are using Kiwi Syslog Service Manager as the logging manager)
Router(config)# logging trap 7
(logging severity level)
Router(config)# ip audit name AGENT attack action alarm
(set the alarm action for the matching signatures; AGENT is the name of the audit specification)
Now apply the above configuration to the router's inside interface.
Router(config)# interface Ethernet 0/0
Router(config-if)# ip audit AGENT in
(apply the audit specification to inbound traffic on the router's inside interface)
Now you can generate a network attack using the ICMP service (a denial-of-service attack); for example, run a long ping command from your laptop to the remote router.
Ping 40.1.1.1 -t -l 60000
Now you can verify the detailed information about this ICMP DoS attack on any syslog server; here we are using Kiwi Syslog Service Manager as the logging manager. In the given figure, you can view the information about the ICMP DoS attack.
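To review the alarms without scrolling through the syslog viewer, the saved log can be summarized per source and signature. The following Python script is an added example, not part of the original lab. The sample lines are constructed, and the message layout "%IDS-4-<NAME>: Sig:<id>:<text> - from <src> to <dst>" is an assumption about what your IOS release sends.

```python
import re
from collections import Counter

# Constructed sample of what the syslog server might store. The
# "%IDS-4-<NAME>: Sig:<id>:<text> - from <src> to <dst>" layout is an assumption.
SAMPLE_LOG = """\
Mar  1 00:12:01 40.1.1.1 45: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 40.1.1.2 to 40.1.1.1
Mar  1 00:12:01 40.1.1.1 46: %IDS-4-ICMP_TOOLARGE_SIG: Sig:2151:Large ICMP Traffic - from 40.1.1.2 to 40.1.1.1
Mar  1 00:12:02 40.1.1.1 47: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up
Mar  1 00:12:02 40.1.1.1 48: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 40.1.1.2 to 40.1.1.1
Mar  1 00:12:03 40.1.1.1 49: %IDS-4-ICMP_FRAGMENT_SIG: Sig:2150:Fragmented ICMP Traffic - from 40.1.1.2 to 40.1.1.1
"""

IDS_RE = re.compile(
    r"%IDS-(?P<sev>\d)-(?P<name>\w+): Sig:(?P<sig>\d+):(?P<text>.+?)"
    r" - from (?P<src>\d+(?:\.\d+){3}) to (?P<dst>\d+(?:\.\d+){3})"
)

def parse_alarms(log_text):
    """Return one dict per IDS alarm line; non-IDS lines are skipped."""
    alarms = []
    for line in log_text.splitlines():
        m = IDS_RE.search(line)
        if m:
            alarm = m.groupdict()
            alarm["sev"] = int(alarm["sev"])
            alarm["sig"] = int(alarm["sig"])
            alarms.append(alarm)
    return alarms

def summarize(alarms):
    """Count alarms per (source, signature id, description)."""
    return Counter((a["src"], a["sig"], a["text"]) for a in alarms)

def noisy_sources(alarms, threshold):
    """Sources that triggered at least `threshold` alarms in total."""
    per_src = Counter(a["src"] for a in alarms)
    return sorted(src for src, n in per_src.items() if n >= threshold)

if __name__ == "__main__":
    alarms = parse_alarms(SAMPLE_LOG)
    for (src, sig, text), n in summarize(alarms).most_common():
        print(f"{src}  sig {sig} ({text}): {n} alarm(s)")
    print("sources at or above threshold:", noisy_sources(alarms, 3))
```

Replace SAMPLE_LOG with the contents of the log file exported from your syslog server, and adjust the regular expression if your messages are laid out differently.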