Walter Roberson
Posted: Thu Dec 08, 2005 11:51 pm
Post subject: Re: IDS & Spoofing -- PIX 6.3(4)
In article <1134064300.584653.134580@g44g2000cwa.googlegroups.com>,
J1C <just1coder@yahoo.ca> wrote:
> What commands need to be configured to enable the IDS
It is enabled by default, but if you want to change the
parameters, you can, e.g.,
ip audit name ids_outside_attack attack action alarm drop
ip audit name ids_outside_info info action alarm
ip audit interface outside ids_outside_info
ip audit interface outside ids_outside_attack
> & anti spoofing
> on the PIX 6.3(4) ?
ip verify reverse-path
> I think I have it setup correctly, but would like to see what the
> experts say.
> Also, Kiwi is shooting this out now since I've configured it:
> 12-08 12:42:59 Local4.Alert 10.98.74.1 Dec 08 2005 08:41:37:
> %PIX-1-106021: Deny udp reverse path check from 192.168.1.80 to
> 255.255.255.255 on interface outside.
> Could someone explain that?
What relationship does 192.168.1.80 bear to your inside or outside
IP address ranges? The 10.98.74.1 in the log message would imply that
your inside range is 10.98.74.x ?
In any case, a system with 192.168.1.80 is outside and trying to
broadcast data, /OR/ some host is inside but is not in the subnet of
your inside interface address range, and you are missing a "route
inside" statement for that range, and the host is trying to broadcast
and the PIX is (because of the missing route) sending the packets
outside (possibly NATing them into 192.168.1.80 on the way), and your
WAN router is routing the packets back to the PIX which is noticing
that the 192.168.1.x packets should not have originated outside...
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers
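As an added example, not part of the original thread, here is a small model of what "ip verify reverse-path" does and a check of %PIX-1-106021 lines against a routing table. The routing table, the syslog lines and the subnets (10.98.74.0/24 as the inside interface, 192.168.1.0/24 as a second inside-side subnet reached by a "route inside" statement) are all constructed for the example and are assumptions; the rule that a default route counts as a match for sources arriving on the outside is also an assumption about PIX behaviour, not something the post states.

```python
import ipaddress
import re

# Constructed for this example (not from the post): a PIX-style routing table. It assumes the
# inside interface is on 10.98.74.0/24 (the log was sent from 10.98.74.1) and that
# 192.168.1.0/24 is a second inside-side subnet reached through a "route inside" statement.
ROUTES = [
    ("10.98.74.0/24", "inside"),
    ("192.168.1.0/24", "inside"),
    ("0.0.0.0/0", "outside"),  # default route via the WAN router
]

# Constructed syslog lines in the %PIX-1-106021 format quoted in the post.
SAMPLE_LOGS = [
    "Dec 08 2005 08:41:37: %PIX-1-106021: Deny udp reverse path check "
    "from 192.168.1.80 to 255.255.255.255 on interface outside",
    "Dec 08 2005 08:41:39: %PIX-1-106021: Deny tcp reverse path check "
    "from 10.98.74.22 to 198.51.100.7 on interface outside",
    "Dec 08 2005 08:41:40: %PIX-1-106021: Deny tcp reverse path check "
    "from 198.51.100.9 to 10.98.74.50 on interface outside",
]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

LOG_RE = re.compile(
    r"%PIX-1-106021: Deny (?P<proto>\S+) reverse path check "
    r"from (?P<src>[\d.]+) to (?P<dst>[\d.]+) on interface (?P<ifname>\S+)"
)


def build_table(routes):
    return [(ipaddress.ip_network(net), ifname) for net, ifname in routes]


def route_interface(table, ip):
    """Longest-prefix match: the interface the PIX would use to reach ip (None if no route)."""
    ip = ipaddress.ip_address(ip)
    best = None
    for net, ifname in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def reverse_path_ok(table, src, arrival_if):
    """Model of 'ip verify reverse-path interface <if>': the route back to the source must
    leave via the interface the packet arrived on. Assumption: the default route counts as a
    match, so any source the PIX would reach via the outside is accepted on the outside."""
    return route_interface(table, src) == arrival_if


def is_rfc1918(ip):
    ip = ipaddress.ip_address(ip)
    return any(ip in net for net in RFC1918)


def parse_106021(line):
    """Extract proto/src/dst/interface from a 106021 line, or None if it is something else."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None


def diagnose(table, line):
    """Classify a 106021 deny against our routing table.

    Returns (src, arrival_if, expected_if, code) where code is one of:
      'private_wrong_interface' - RFC 1918 source that our table routes via another interface:
                                  either an outside host using a private address or inside
                                  traffic looped back through the WAN router (the two cases
                                  Walter describes);
      'asymmetric'              - non-private source routed via another interface;
      'unexplained'             - our table would have passed it, so the real PIX must hold a
                                  route for this source that the model does not.
    """
    rec = parse_106021(line)
    if rec is None:
        return None
    src, arrival = rec["src"], rec["ifname"]
    expected = route_interface(table, src)
    if reverse_path_ok(table, src, arrival):
        code = "unexplained"
    elif is_rfc1918(src):
        code = "private_wrong_interface"
    else:
        code = "asymmetric"
    return src, arrival, expected, code


if __name__ == "__main__":
    table = build_table(ROUTES)
    for line in SAMPLE_LOGS:
        print(diagnose(table, line))
```

The useful check is the third category: if your own routing table (show route on the PIX) says the source should have arrived on the interface it did, the model is missing a route the PIX has, and that route is where to look for the asymmetric path or the missing "route inside" statement.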