IDS stands for Intrusion Detection System. An IDS monitors network traffic and records detailed information about network attacks. When the IDS identifies malicious traffic, it reports an alert to a management system (for example, Kiwi Syslog Service Manager). The IDS generates different types of messages for network attacks (for example: alerts, critical conditions, debugging messages, system unusable, warning conditions, normal but significant conditions, and other informational messages), and you can configure an alarm or reset action against the matching signatures.
Follow the lab below to configure the IDS to detect malicious traffic:

Configuration on the router
In global configuration mode:
Router(config)# logging on
Router(config)# logging console
(enable logging on the router console)
Router(config)# logging host 40.1.1.2
(the syslog server address; here Kiwi Syslog Service Manager is used as the logging manager)
Router(config)# logging trap 7
(logging severity level; 7 is debugging, so messages of every severity are sent to the syslog server)
Router(config)# ip audit name AGENT attack action alarm
(set the alarm action against the matching signatures; AGENT is the name of the audit specification)
Now apply the audit specification above to the router's inside interface.
Router(config)# interface Ethernet 0/0
Router(config-if)# ip audit AGENT in
(apply the audit specification to inbound traffic on the inside interface)
Now you can generate a network attack using the ICMP service (a denial-of-service attack), for example by running a long ping from your laptop to the remote router:
ping 40.1.1.1 -t -l 60000
Now you can view the detailed information about this ICMP DoS attack on any syslog server; here we are using Kiwi Syslog Service Manager as the logging manager. The figure shows the information recorded about the ICMP DoS attack.
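The alarms the router forwards to the syslog server can be checked without the Kiwi GUI. The following added example (not part of this lab or of any Cisco or Kiwi software) parses the generic IOS syslog layout "%FACILITY-SEVERITY-MNEMONIC: text", maps the severity number to the condition names listed above, applies the "logging trap" severity filter, and flags a source address that repeats the same signature the way a long ping does. The log lines, the laptop address 40.1.1.10 and the threshold are constructed assumptions.

```python
import re
from collections import Counter

# Severity numbers as "logging trap <n>" uses them, named as the page lists them.
SEVERITY = {0: "system is unusable", 1: "alerts", 2: "critical conditions",
            3: "errors", 4: "warning conditions",
            5: "normal but significant conditions",
            6: "informational messages", 7: "debugging messages"}

# Generic IOS syslog layout "%FACILITY-SEVERITY-MNEMONIC: text"; the
# "Sig:<id>:<name> - from <src> to <dst>" body follows the shape of an
# IOS Firewall IDS (ip audit) alarm. All sample lines below are constructed.
ALARM_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"Sig:(?P<sig>\d+):(?P<name>.+?) - from (?P<src>\S+) to (?P<dst>\S+)")

# Constructed sample: one unrelated config message, six echo alarms from the
# host running the long ping (40.1.1.10, assumed), one from another host.
SAMPLE_LOG = ["Mar  1 00:12:00: %SYS-5-CONFIG_I: Configured from console by console"]
SAMPLE_LOG += [f"Mar  1 00:12:{s:02d}: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request"
               f" - from 40.1.1.10 to 40.1.1.1" for s in range(1, 7)]
SAMPLE_LOG.append("Mar  1 00:12:08: %IDS-4-ICMP_ECHO_SIG: Sig:2004:ICMP Echo Request"
                  " - from 40.1.1.20 to 40.1.1.1")

def parse_alarm(line):
    """Fields of one ip-audit alarm line, or None for any other syslog message."""
    m = ALARM_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["sev"], ev["sig"] = int(ev["sev"]), int(ev["sig"])
    ev["severity_name"] = SEVERITY[ev["sev"]]
    return ev

def flood_sources(lines, threshold=5, trap_level=7):
    """Count alarms per source address, keeping only messages that
    'logging trap <trap_level>' would forward (severity 0..trap_level), and
    return the sources at or above `threshold`: a sustained 'ping -t' shows
    up as one source repeating the same signature."""
    counts = Counter()
    for line in lines:
        ev = parse_alarm(line)
        if ev and ev["sev"] <= trap_level:
            counts[ev["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}
```

Running flood_sources(SAMPLE_LOG) on the constructed lines reports only 40.1.1.10; lowering trap_level to 3 drops the warning-level alarms, which is the same effect a lower "logging trap" setting has on what Kiwi ever receives.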
