Troubleshooting of the IDS 4215 interface detection

Similar Questions

• If the IDS 4215 platform support E4 7.0 (2)

  Hello

  We are trying to upgrade the engine in our IPS and IDS devices. We have a single device IDS 4215 in our environment that installed with engine E3. Please let me know as this engine support E4 with 7.0 platform (2) version. If so, please update me with the name of the .pkg file. Thank you.

  Vinoth salvation,

  The IDS-4215 sensor does not support the version of the IPS 7.0 software. The latest version of the software supported on this platform is 6.0.

  He argues, however, E4 engine in combination with the version of the software 6.0 (6).

  To upgrade your sensor to the E4 engine (and use the latest signatures), improve it with the 6.0 (6) E4 software package pkg file.

  You can download this update from the link below:

  http://tools.cisco.com/support/downloads/go/PlatformList.x?sftType=Intrusion+Prevention+System+%28IPS%29+System+Upgrades&mdfid=278244333&treeName=Security&mdfLevel=Model&url=null&modelName=Cisco+IDS+4215+Sensor&isPlatform=N&treeMdfId=268438162&modifmdfid=null&imname=&hybrid=Y&imst=N

  If you are currently using version 6.0, you will just need the "IPS-engine-E4-req-6.0-6.pkg" file to upgrade the engine, if you are on an earlier version of the software, you will need to download "IPS - K9 - 6.0 - 6 - E4.pkg"

  Be sure to read the readme file before the upgrade:

  http://www.Cisco.com/Web/software/282549759/32618/IPS-Engine-E4.Readme.txt'

  Let me know if you have any other questions.

  Best regards

  Stijn

• 4215 interface problems

  Here is my scenario:

  My control interface is FastEthernet 0/0. When I plug a cable in FastEthernet 0/1, FastEthernet 0/0 shows that 'up' and I am able to connect to IDM. When I connect a cable to FastEthernet 0/0, the link remains down and nothing happens. I don't understand??

  I would like to know which interface I'm supposed TO be using to management. See attachment 'sh int' output.

  Any help is appreciated!

  Astro out.

  There was a port numbering change in version 5.0.

  The port on the right is always the port command and control, and is the port on the left is always smell it.

  The problem is that what ports have been numbered changed between 4.x and 5.x.

  Here is a breakdown of the numbering on the IDS-4215 port basis:

  Command and control:

  Port on the right

  External label 'Ethernet 1' (cannot be labelled in recent revisions of hardware)

  name of 4.x: int1 (output of ifconfig eth1)

  5.x name: Fastethernet0/0 (fe0_0 output of ifconfig)

  So you see that it has changed to be called int1 or ethernet 1 being called FastEthernet0/0. If you look at the physical labels on the back of the box labels will be incorrect if you use version 5.x.

  And of course similar changes happened for interface detection:

  Port on the left

  External label "Ethernet 0 ' (cannot be labelled in recent revisions of hardware)

  name of 4.x: int0 (output of ifconfig eth0)

  5.x name: Fastethernet0/1 (fe0_1 output of ifconfig)

  As a side note:

  If you run with the card 4FE also know that port on the 4FE numbers have also changed between versions 4.x and 5.x:

  name-> name 5.x 4.x

  INT5-> FastEthernet1/0

  INT4-> FastEthernet1/1

  Int3-> FastEthernet1/2

  Int2-> FastEthernet1/3

• Cisco IDS 4215 signatures update

  Hello people,
  We have a few Cisco IDS 4215 and would like to know if the upgrade of signatures, we can remove those released previously or whether precedents should not be eliminated.

  Information system of these devices.

  ***

  TAC-contact information
  URL: http://www.cisco.com/public/support/tac/home.shtml/
  Phone: 1 (800) 553-2447

  Sensor time is 110 days.
  Platform: IDS-4215-4FE-K9
  Boot partition: application

  Partition: application
  Build version: 6.0 (6) E3
  Host:
  Domain keys key1.0
  Definition of signature:
  Update of the signature S439.0 2009-09-30
  Virus update V1.4 2007-03-02
  OS version: 2.4.30 - IDS-smp-bigphys
  Applications
  MainApp
  N NUBRA_2009_JUL_15_01_10_6_0_5_57 2009-07-15 T 01: 15:08 - 0500 ipsbuild
  The executing State: running
  AnalysisEngine
  N NUBRA_2009_JUL_15_01_10_6_0_5_57 2009-07-15 T 01: 15:08 - 0500 ipsbuild
  The executing State: running
  Updates installed
  Update name: IPS - K9 - 6.0 - 6 - E3
  Once installed: July 15, 2009 18.48.06
  Update name: IPS-GIS-S439-req - E3.pkg
  Installed time: 6 October 2009 13.07.55
  Next lower upgrade:
  Partition: recovery
  Build version: 1.1 - 6, 0000 E3

  PEP Udi chassis
  Description sensor unit IPS 4215
  PID ID-4215-4FE-K9
  vid V01
  SN 88808513168

  Memory usage
  usedBytes = 377655296
  freeBytes = 132685824
  totalBytes = 510341120

  Use of the disk
  the application data uses 33.2 M off 166,8 M bytes of disk space available (21% of use)
  start using 37.6 M off 68.6 M bytes of disk space available (58% of use)
  Application log using 529,5 M off bytes of 2.8 G of disk space available (20% of use)

  ***

  Many thanks in advance,

  Luca

  Luca;

  Signature updates are cumulative, so you can simply ask the S493 update.  A caveat, however, if you need to make a big move in the signature release (say S470 to S493) it is usually more effective to make small updates (especially on a platform of low memory as the IDS-4215).

  Scott

• IDS 4215, good place for an interface sniff (LAN or DMZ)

  I have this sensor with two interfaces only at work, I was asked to check that

  See the IDSWORK version #.

  Application partition:

  The Cisco Systems Version 1.0000 S47 Intrusion detection sensor

  2.4.18 - 5smpbigphys-4215 OS version

  Platform: IDS-4215

  an interface that is Ethernet 0 connected to switch in the DMZ, and 1 Ethernet connected to switch 4005, logically I have to monitor DMZ not switch box 4005 (since I had only two interfaces, my case), I'm right?

  That means that ethernet 0 should be to sniff (surveillance) since it is connected to the DMZ and interface 1 for command and control, since it is connected to switch 4005, but according to cisco specifications

  http://Cisco.com/en/us/products/HW/vpndevc/PS4077/products_configuration_guide_chapter09186a008055df7d.html#wp1051279

  Table 5-2

  FastEthernet0/0: Interfaces supporting VLAN pairs Inline (port detection)

  FastEthernet0/1: Interfaces do not support Inline (command and control Port)

  Note: Cisco has mentioned FastEthernet, one I had Ethernet, makes all the difference?

  Because I did not have this configuration, he made by another, should I change this?

  It seems that your credentials are equipped with the basic ports (2 x Ethernet) with E0 C & C port, while E1 is followed by port.

  BTW, Ethernet/FastEthernet ports are in fact the same.

  To monitor your DMZ segment, then place the E1 in this segment, as E0 on inside segment where in addition to directing the Manager of its web management or CLI interface box, you probably can use basic VMS that comes free with it.

  And since you have dedicated switch to host the entire DMZ segment, you can easily monitor box (SPAN) all and send all traffic to the IDS.

  If you need to change the configuration, you may need to test at least to verify signatures is enabled/disabled and pc/mgt host is allowed to access the box and so on. But it is a good practice for audit and review the new config/setup, as it is a security zone, you need to do to monitor trust and you talk about all the possible threats, attacks or violations.

  HTH

  AK

• How to see the log files in IDS 4215

  Hi all

  I have an IDS 4215, I want to check the Logs of the system for this ID, as Interface something like that.

  Thanks in advance.

  All system messages, including signature events are all 'show' commands.

  Enter the command show event displays only events in real time. If you want ot, past events, you need to add a time to the command option; show events past 20:00

  -Bob

• Questions of IDS-4215

  I bought this unit and I have problems with it, I did the restore and I put the new password and pick-me-up Dungeon to it, how to make out of it?

  CISCO SYSTEMS IDS-4215
  Embedded BIOS Version 5.1.7 03/02/04 11:20:35.01
  Compiled by dnshep
  Evaluate the Options of execution...
  Check for disc Image valid
  GRUB, loading stage1.5.

  GRUB loading, please wait...

  GRUB version 0.91 (632K lower / higher than 523264K memory)

  -------------------------------------------------------------------
  0: cisco IDS (vmlinuz - 2.4.26 - IDS-smp-bigphys}
  1: cisco IDS recovery
  -------------------------------------------------------------------

  Use the ^ and v keys to select which input is highlighted.
  Press ENTER to start the operating system selected, 'e' to change the
  orders before starting, 'a' to change the kernel arguments
  before you start, or 'c' for a command line.

  Entry 0 will be started automatically in 1 seconds.
  Start ' Cisco IDS (vmlinuz - 2.4.26 - IDS-smp-bigphys} ")

  root (hd0, 0)
  Filesystem type is ext2fs, partition type 0 x 83
  kernel (hd0,0)/boot/vmlinuz-2.4.26-IDS-smp-bigphys ro root = / dev/hdb1 had = flash)
  Console = ttyS0 bigphysarea = 16384
  [Linux bzImage, setup = 0 x 1400, size = 0x11b282]

  Linux version 2.4.26 - IDS-smp-bigphys ([email protected] / * / _build_master) (version gcc 2.96 20000731 (Red Hat Linux 7.3 2, 96-112)) #2 SMP Thu Aug 18 11:03:13 CDT 2005
  BIOS fitness card RAM:
  BIOS-e820: 0000000000000000 - 000000000009e000 (usable)
  BIOS-e820: 000000000009e000 - 00000000000a 0000 (reserved)
  BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
  BIOS-e820: 0000000000100000-0000000020000000 (usable)
  BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved)
  0 MB HIGHMEM available.
  512 MB LOWMEM available.
  On the node 0 totalpages: 131072
  area (0): 4096 pages.
  area (1): 126976 pages.
  area (2): 0 pages.
  DMI does not exist.
  ACPI: Unable to locate the PDSP
  Kernel command line: ro root = / dev/hdb1 had flash = console = ttyS0 bigphysarea = 16384
  ide_setup: a = flash
  Local APIC disabled by BIOS - reactivation.
  Local APIC found and activated!
  The initialization of the #0 CPU
  Detected 845,655 MHz processor.
  Console: the unit dummy color 80 x 25
  Calibrating delay loop... 1684.27 BogoMIPS
  Memory: 449240 k/524288 KB available (kernel code of 1621 k, k 74656 reserved, 639 k data, 136 k init, 0 k highmem)
  Dentry cache hash table entries: 65536 (order: 7, 524288 bytes)
  Inode-cache hash table entries: 32768 (order: 6, 262144 bytes)
  Get cache hash table entries: 512 (order: 0, 4096 bytes)
  Buffer cache hash table entries: 32768 (order: 5, 131072 bytes)
  The page cache hash table entries: 131072 (order: 7, 524288 bytes)
  CPU: L1 I cache: 16K, D L1 cache: 16K
  CPU: L2 cache: 128K
  Architecture Intel machine control supported.
  Intel machine check reporting enabled on CPU #0.
  Enabling fast FPU save and restore... done.
  Allowing the use of unmasked SIMD FPU exception... done.
  Checking 'hlt' instruction... Ok.
  UNIFIX POSIX compliance test
  MTRR: v1.40 (20010327) Richard Gooch ([email protected] / * /)
  MTRR: detected mtrr type: Intel
  CPU: L1 I cache: 16K, D L1 cache: 16K
  CPU: L2 cache: 128K
  Intel machine check reporting enabled on CPU #0.
  CPU0: Intel Celeron (Coppermine) stepping 0
  by timeslice cut CPU: 365,62 usecs.
  Motherboard undetected SMP.
  Turned off turned on CPU #0
  Value of ESR before activating the vector: 00000000
  Value of ESR after activating the vector: 00000000
  Local APIC interrupt using timer.
  calibration of APIC timer...
  ..... CPU clock speed is 845,6568 MHz.
  ... bus clock speed host is 99,4889 MHz.
  CPU: 0, clocks: 994889, slice: 497444
  CPU0
  Waiting on wait_init_idle (card = 0x0)
  All processors have been init_idle
  PCI: PCI BIOS revision 2.10 to 0xff6a9, last bus = 1 entry
  PCI: Using configuration type 1
  PCI: Hardware probing PCI
  PCI: Hardware probing PCI (bus 00)
  Limitation of direct transfers of PCI/PCI.
  ISAPNP: digitization of the PnP cards...
  ISAPNP: no Plug Play devices & found
  Linux NET4.0 for Linux 2.4
  Swansea University Computer Society NET3.039-based
  The initialization of the RT netlink sockets
  From kswapd
  bigphysarea: 16384 pages for 0xc1606000.
  Responsible journaled block device driver
  Pty: 2048 Unix98 ptys configured
  keyboard: there is no Timeout - at THE keyboard? (ed)
  keyboard: there is no Timeout - at THE keyboard? (f4)
  Series c 5.05 driver version (2001-07-08) with MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI active ISAPNP
  ttyS00 at 0x03f8 (irq = 4) is a 16550
  ttyS01 at 0x02f8 (irq = 3) is a 16550
  V1.10F real time clock driver
  Initialized RAM disk driver: 16 discs RAM 4096 K size 1024 blocksize
  loop: loaded (max 8 devices)
  LPC: version 0.1 (August 18, 2005)
  Uniform cross-platform E-IDE review pilot: 7.00beta4 - 2.4
  IDE: assuming that the speed of the bus system 33 MHz for modes PIO; Override with idebus = xx
  PIIX4: Controller IDE PCI slot 00:07.1
  PIIX4: chipset revision 1
  PIIX4: not 100% natively: will probe IRQS later
  ide0: BM - DMA at 0xf800-0xf807, BIOS settings: had: pio, hdb:pio
  IDE1: BM - DMA at 0xf808-0xf80f, the BIOS settings: hdc:pio, hdd:pio
  has: SanDisk SDCFB-256, CFA HDD
  HDB: IC25N020ATCS04-0, ATA drive
  has: disable DMA (U) to SanDisk SDCFB-256
  BLK: queue c03bf1a8, I/O limit 4095 MB (mask 0xffffffff)
  ide0 at 0x1f0-0x1f7, 0x3f6 on irq 14
  has: attachment the ide disk driver.
  had: task_no_data_intr: status = 0 x 51 {DriveReady SeekComplete error}
  had: task_no_data_intr: error = 0 x 04 {DriveStatusError}
  had: 501760 sectors (257 MB) w/1KiB Cache, CHS = 497/16/63
  HDB: attached the ide disk driver.
  HDB: host protected area-online 1
  HDB: 39070080 sectors (20004 MB) w/1768KiB Cache, CHS = 2432/255/63, UDMA (33)
  Check the partition:
  has: hda1, hda2, hda3
  HDB: hdb1, hdb2 hdb3 hdb4
  IDE: late registration of the driver.
  Review SCSI subsystem driver: 1.00
  I2C-core. o: i2c core module version 2.8.7 (20040611)
  I2C - dev. o: i2c/dev entries driver module version 2.8.7 (20040611)
  I2C - proc.o version 2.8.7 (20040611)
  I2C-i801 version 2.8.7 (20040611)
  Net4: Linux 1.0 for NET4.0 TCP/IP
  IP protocols: ICMP, UDP, TCP, IGMP
  IP: routing 4096 buckets cache hash table, 32Kbytes
  TCP: Hash tables configured established 131072 bind (65536)
  Linux IP router multicast 0.06 and PIM - SM
  Net4: Unix domain sockets 1.0/SMP for Linux NET4.0.
  kjournald starting.  Commit interval 5 seconds
  Ext3-fs: mounted filesystem with ordered data mode.
  VFS: Mounted root (ext3 file system) readonly.
  Release of memory used kernel: 136 k released
  INIT: initialization of version 2.84
  Welcome to CIDS v4.1 (1) S47 (Phoenix)
  Mounting proc filesystem: [OK]
  Configuration of the kernel parameters: [OK]
  Setting clock (localtime): my Apr 19 19:14:53 UTC 2010 [OK]
  Activation of swap partitions: [OK]
  Hostname parameter sensor: [OK]
  modprobe: can't open dependencies file /lib/modules/2.4.26-IDS-smp-bigphys/modules.dep (no such file or directory)
  Checking file system root
  / dev/hdb1: clean, 27334/83520 files, 56775/166666 blocks
  [/sbin/fsck.ext3 (1)-/] fsck.ext3 - a/dev/hdb1
  [OK]
  Back the root read / write file system: [OK]
  Find the module dependencies: depmod: can't open /lib/modules/2.4.26-IDS-smp-bigphys/modules.dep for writing
  [NOT]
  Checking of file systems
  / dev/hdb3: clean, 12 files, 2008, 1300/8032 blocks
  / dev/hda1: clean, 33/2656 files, blocks of 4184/10584
  / dev/hdb4: clean, 32/2280320 files, blocks 80505/4558443
  / dev/hda3: clean, 20/58232 files, 84949/232848 blocks
  Check all file systems.
  [/sbin/fsck.ext3 (1)-/ bootmnt] fsck.ext3 - a/dev/hda1
  [/sbin/fsck.ext3 (2)-/ usr/cids/idsRoot/shared] fsck.ext3 - a/dev/hdb3
  [/sbin/fsck.ext3 (2)-/ usr/cids/idsRoot/var] fsck.ext3 - a/dev/hdb4
  [/sbin/fsck.ext3 (2)-/ mnt/recovery] fsck.ext3 - a/dev/hda3
  [OK]
  Mounting local filesystems: [OK]
  Activation of local file system quotas: [OK]
  Activation of the swap space: [OK]
  Non-interactive startup entry
  Setting the network parameters: [OK]
  Set up the loopback interface: [OK]
  modprobe: can't open dependencies file /lib/modules/2.4.26-IDS-smp-bigphys/modules.dep (no such file or directory)
  Setting up interface eth1: [OK]
  Start recorder system: [OK]
  Kernel start recorder: [OK]
  Load keymap: [OK]
  Loading system font: [OK]
  The initialization of the random number generator: [OK]
  Audit of the allocated kernel memory: [OK]
  No XL map shows
  Charge Cidmodcap: WARNING: the kernel-module version mismatch
  /lib/modules/CID/cidmodcap.o was compiled for kernel version 2.4.18 - 5smpbigphys
  While this kernel version 2.4.26 - IDS-smp-bigphys
  /lib/modules/CID/cidmodcap.o: symbol register_chrdev_Rsmp_0450333d pending
  /lib/modules/CID/cidmodcap.o:
  Tip: You are trying to load a module without a GPL compatible license
  and unresolved symbols.  Contact the provider module for
  help, only they can help you.

  [NOT]
  Creation of boot.info [OK]
  Checking for changes to the system since the last boot [WARNING]
  Check the identification of the model [OK]
  Model: IDS-4215
  Error: mainApp has not started
  From sshd: [OK]
  From xinetd: [OK]
  From crond: [OK]
  From anacron: [OK]

  Login: cisco
  Password:
  You are required to change your password immediately (years)
  Change password for cisco
  (ongoing) UNIX password:
  New password:
  Retype the new password:
  NOTICE *.
  This product contains cryptographic features and is under the United States
  and local laws governing the import, export, transfer and use. Delivery
  Cisco cryptographic products does not imply permission to third parties to import,
  export, distribute or use encryption. Importers, exporters, distributors and
  users
  sensor connection: cisco
  Password:
  NOTICE *.
  This product contains cryptographic features and is under the United States
  and local laws governing the import, export, transfer and use. Delivery
  Cisco cryptographic products does not imply permission to third parties to import,
  export, distribute or use encryption. Importers, exporters, distributors and
  users are responsible for compliance with U.S. and local country. With the help of
  This product you agree to comply with the regulations and laws in force. If you
  are unable to meet the United States and local laws, return the product.

  A summary of U.S. laws governing Cisco cryptographic products to:
  http://www.Cisco.com/WWL/export/crypto

  If you need assistance please contact us by mail at
  [email protected] / * /.

  connection of the sensor:

  Since you did the recovery I assumeyou already tried to the unit powering down and back up.

  This is a weird problem I havn't seen before, but sometimes the sensors get currupt and need a full reimage to return to normal.

  I would like to download the most recent image 4215 and TFTP in your sensor in ROMMON.

  http://www.Cisco.com/en/us/partner/docs/security/IPS/6.0/installation/guide/hwImage.html#wp1030874

  -Bob

• CD or DVD not detected for the first time, always detected on insert it again.

  Whenever I insert a CD or a DVD into my DVD drive, the drive is not detected. No contents of the drive is displayed in Windows Explorer. I see the drive to read the disc, as indicated by the green light flashing, but nothing happens. This problem is always solved by reinserting the disc. I don't know why I have to insert each disk twice each time so to be read and any help would be greatly appreciated. When I insert the DVD for the first time, its content is not considered in the Windows Explorer, however, he begins to play when I open my DVD playback software and click on the play button. I have Windows XP Professional SP3.

  Hello

  1. don't you make changes to the computer until the problem occurred?

  I suggest you to try the steps below and check if it helps.

  Method 1: Your CD or DVD drive cannot read or write media

  http://support.Microsoft.com/mats/cd_dvd_drive_problems/en-us

  Method 2:
  The article below describes how to troubleshoot common problems that may occur when a Windows XP-based computer cannot read a CD or a DVD in a CD or DVD drive. This article contains several methods that you can use to try to solve these problems, and it also includes some advanced troubleshooting steps.
  How to troubleshoot common problems that occur when a Windows XP-based computer cannot read a CD or DVD:
  http://support.Microsoft.com/kb/321641/

  See also:
  How to manage devices in Windows XP
  http://support.Microsoft.com/kb/283658

  Hope this information is useful.

• When I cut my computer on it comes up telling me that the battery cannot be detected or displayed.

  original title: battery problem

  To all,

  When I cut my computer on it comes up telling me that the battery cannot be detected or displayed.

  I unplugged the battery taken power and put it back it, that did not work,

  The battery is fully charged and when I check the battery in the control panel for the strength of the battery, the system is telling me, it is fully charged and there is nothing wrong with my battery.

  Then I ask why I get this error when I start my computer.

  Can anyone help me on how can I do to fix it.

  Thank you

  Russell Froedge

  Hello

  Check with support from the manufacturer of their books online and the drivers and their forums system
  (as applicable) for known issues. Some manufacturer issued BIOS and other updates to help the battery
  problems.

  Control Panel control - plan change Options - power plans - power - advanced settings
  Parameters for the drainage and the use of parameters (this is how much to use and not how much or how)
  long to load).

  In fact, what causes a lot of wear on a battery empties it too low on several occasions. With today
  systems overload are not a problem.

  Here are some tips to help and troubleshoot battery issues.

  Old battery? Unplug the power to the computer - remove the battery and clean the contacts with a pencil
  eraser (do not use this, if your battery is fine slots - just clean up the edges of the knife which fit in)
  them and be careful). Batteries are old, or it could be a problem with the computer.
  Check with the support of the machine system, and many of them have on line forums.

  New Lithium-Ion type battery usually last longer if you do not unload then less than 30%
  However on a laptop that not extend their life a lot. Best is to use the a/c adapter
  When this is possible.

  I use the free version of BatteryBar to monitor my battery. Click on the green button on the
  Yellow box on the right side of the page to download the latest stable version.

  BatteryBar - free version available
  http://osirisdevelopment.com/BatteryBar/index.html

  Another good program

  Vista battery saver - free
  http://www.codeplex.com/vistabattery

  Problems with the lives of its use and the battery of power - Mr Fixit
  http://support.Microsoft.com/GP/windows_battery_power_settings

  You can also check with the manufacturer of system and forums that many use their own
  proprietary software to monitor the battery and they could be known problems with your battery.

  ============================================================

  Try this - to make a Restore Point

  How to create a Vista System Restore Point
  http://www.Vistax64.com/tutorials/76332-system-restore-point-create.html

  How to make a Vista system restore
  http://www.Vistax64.com/tutorials/76905-System-Restore-how.html

  Then Control Panel - Manager of devices - Batteries - Double click on each item - drivers - tab
  Update the drivers (which can do nothing) - then do a right click and UNINSTALL each.
  RESTART which will update the driver stacks.

  Problems with the lives of its use and the battery of power - Mr Fixit
  http://support.Microsoft.com/GP/windows_battery_power_settings

  I hope this helps.

  Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle=""><- mark="" twain="" said="" it="">

• Fleeing from a host on the PIX 520 but alerts that are still coming to the IDS

  Last week I saw allot of traffic from a particular host that triggers alerts IDS. After investigating the source, I added a statement SHUN to the pix. When I do a 'sho shun stat' of the NTC for this host is quite high (352) and rises. I still get alerts of the IDS on this particular host (Fragment IP and host sweeps). I guess if I was fleeing from an IP address, I don't receive alerts of IDS on that. Can someone explain what I am doing wrong? Thanks in advance.

  Seems obvious, but can't hurt to ask - where the sniff of your sensor interface? Of course, if your sniffing interface is located outside the pix, then junk traffic will always reach the pix - it just won't be through it.

  In addition, are fleeing this host for these alarms? Doing a show 'show shun' that host being blocked FOR the time you see alerts for this particular host?

  Jeff

• License on Cisco IDS 4215 box

  I have IDS 4215 (version 4) works fine for 2 years. All of a sudden I could not access the IDS4215 via the console or telnet last month. I rebooted it, but there is no change.

  Then we get the ROMMON prompt via CTRL-R. We performed procedures "Installation image of the system IDS-4215. We have installed version 5. So, we lost the old license for IDS 4215 ver 4. How can I get old license?

  We want to make the 4215 IDS to work with version 5 and the latest signatures. What should we do in this regard?

  It wasn't a license file in ver 4.

  Licenses were introduced in ver 5.

  Licenses are included as part of your Cisco Service for IPS maintenance contract.

  To see if you have a contract to day just go in the license of IDM configuration page and click on the button to say IDM to check cisco.com for a license.

  If she comes back with a license while your contract is up to date and everything is good.

  If she does not return with a license, then probably you don't have a Service Cisco IPS service contract for your sensor.

  Your Cisco or an authorized Cisco reseller sales Reprentative contract and request a quote for Service Cisco IPS contract for your sensor.

  Don't forget to give them the serial number of your sensor when you buy the contract so it is followed correctly in the database of contract of Cisco.

• IDS-4215 virtual sensors

  Can I have several virtual devices on 4215 executes code 6.0?

  Unfortunately, IDS-4215 does not support many virtual devices.

  Here is the URL for your reference:

  http://www.Cisco.com/en/us/docs/security/IPS/6.0/Configuration/Guide/IDM/dmAnEng.html#wp1035318

• Error on server IDS 4215 TLS certificate VEI

  IDS 4215 5.0 software version not connect with IVE and IME server. "" IOException when trying to get the certificate: java.security.cert.CertificateExpiredException. error message is displayed. How this can be solved?

  Hello

  I think it's easy, please go to the CLI and try the following?

  generate TLS keys

  Let me know the results!

  http://www.Cisco.com/en/us/docs/security/IPS/6.0/Configuration/Guide/CLI/cliTasks.html#wp1036929

  Mike

• IDS 4215 date and time change after restart

  Hello

  I am facing problem with cisco IDS 4215 (version 6.0), date and time of change in the device after reboot. What is the command to save the configuration. record or write mem does not work.

  Amarjeet Singh

  Once the date and time changes are applied Cisco IPS CLI, they should have been saved. No additional step of "savings" manually is necessary.

  Also, have you thought about Configure NTP on IPS server. IPS synchronizes time with NTP server, if there is no difference.

  I suggest you contact Cisco TAC and report the problem of equipment.

  Kind regards

  Sawan Gupta

• Sensor not known version of the IDS MC

  The system IDS 4215 sensor is version: 1.0000 S47. The MC of the IDS (version 1.2) does not have this version and recommends an update of the signature.

  I downloaded the file IDS-K9-min-4.1-1-S47.rpm.pkg to the web site of Cisco and attempt to update the signature in accordance with the instructions in the ReadMe file.

  I received the following message:

  "Failed to update the object. The provided update package seems to be corrupted, or refused permission to read the file. Please check the contents of the update package and try the operation again. »

  I checked the downloaded file's MD5 signature, and it's OK. I tried to download the file again and I got truncated versions (size about 256 KB).

  I use the correct file? How can I get the correct version of the file? Am I missing any parameter?

  Thank you for your help.

  What you have is the package of real update to the sensor itself. If you use MC to push updates, you need the package from the following location:

  http://www.cisco.com/cgi-bin/Software/Tablebuild/doftp.pl?ftpfile=cisco/crypto/3DES/cw2000/mgmt-ctr/ids/ids4updates/IDS-K9-min-4.1-1-S47.zip&swtype=FCS&software_products_url=%2Fcgi-bin%2Ftablebuild.pl%2Fmgmt-ctr-ids-ids4updates&isChild=&appName=&tbtype=mgmt-ctr-ids-ids4updates

  It contains the files needed for the update of MC and the real update package will be pushed to the sensor.