Cisco Intrusion Prevention System Sensor CLI Configuration Guide for IPS 7.2
OL-29168-01
Chapter 9 Configuring Anomaly Detection
TCP Protocol
UDP Protocol
Other Protocol
sensor#
Step 3  Display the statistics for all virtual sensors.
sensor# show statistics anomaly-detection
Statistics for Virtual Sensor vs0
No attack
Detection - ON
Learning - ON
Next KB rotation at 10:00:01 UTC Wed Jun 29 2006
Internal Zone
TCP Protocol
UDP Protocol
Other Protocol
External Zone
TCP Protocol
UDP Protocol
Other Protocol
Illegal Zone
TCP Protocol
UDP Protocol
Other Protocol
Statistics for Virtual Sensor vs1
No attack
Detection - ON
Learning - ON
Next KB rotation at 10:00:00 UTC Wed Jul 29 2006
Internal Zone
TCP Protocol
UDP Protocol
Other Protocol
External Zone
TCP Protocol
UDP Protocol
Other Protocol
Illegal Zone
TCP Protocol
UDP Protocol
Other Protocol
sensor#
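The following Python example is added here and is not part of the Cisco guide. It parses the show statistics anomaly-detection output shown above into per-virtual-sensor state and lists the virtual sensors that report Detection - ON. The function names and the trimmed sample text are constructed for illustration, and only the line formats that appear in the output above are recognized.

```python
import re
# Constructed sample: the vs0/vs1 output shown above, trimmed for brevity.
SAMPLE = """sensor# show statistics anomaly-detection
Statistics for Virtual Sensor vs0
No attack
Detection - ON
Learning - ON
Next KB rotation at 10:00:01 UTC Wed Jun 29 2006
Internal Zone
TCP Protocol
Statistics for Virtual Sensor vs1
No attack
Detection - ON
Learning - ON
Next KB rotation at 10:00:00 UTC Wed Jul 29 2006
sensor#
"""

HEADER = re.compile(r"^Statistics for Virtual Sensor (\S+)$")
FLAG = re.compile(r"^(Detection|Learning) - (\S+)$")
ROTATION = re.compile(r"^Next KB rotation at (.+)$")
ZONE = re.compile(r"^(\S+) Zone$")
PROTO = re.compile(r"^(\S+) Protocol$")

def parse_ad_statistics(text):
    """Return {virtual_sensor_name: state} parsed from the CLI output."""
    sensors, cur, zone = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            cur, zone = sensors.setdefault(m.group(1), {"no_attack": False, "zones": {}}), None
        elif cur is None:
            continue  # command echo or prompt before the first sensor block
        elif line == "No attack":
            cur["no_attack"] = True
        elif m := FLAG.match(line):
            cur[m.group(1).lower()] = m.group(2)  # "detection" / "learning"
        elif m := ROTATION.match(line):
            cur["next_kb_rotation"] = m.group(1)
        elif m := ZONE.match(line):
            zone = cur["zones"].setdefault(m.group(1), [])
        elif zone is not None and (m := PROTO.match(line)):
            zone.append(m.group(1))  # protocol listed under the current zone
    return sensors  # unrecognized lines (e.g. the trailing prompt) are skipped

def detection_enabled(sensors):
    """Names of virtual sensors whose anomaly detection is reported ON."""
    return sorted(n for n, s in sensors.items() if s.get("detection") == "ON")

if __name__ == "__main__":
    print(detection_enabled(parse_ad_statistics(SAMPLE)))
```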
Disabling Anomaly Detection
If anomaly detection is enabled and your sensor is configured to see only one direction of traffic, you
should disable anomaly detection. Otherwise, you will receive many alerts, because anomaly detection
sees asymmetric traffic as incomplete connections, the same pattern that worm scanners produce, and
fires alerts.
To disable anomaly detection, follow these steps:
Step 1  Log in to the CLI using an account with administrator privileges.
Step 2  Enter analysis engine submode.
sensor# configure terminal