7-26
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 7 Configuring Event Action Rules
Configuring OS Identifications
Step 11 Verify that the filter has been moved to the inactive list.
sensor(config-eve-fil)# exit
sensor(config-eve)# show settings
-----------------------------------------------
INACTIVE list-contents
-----------------------------------------------
-----------------------------------------------
NAME: name1
-----------------------------------------------
signature-id-range: 900-65535 <defaulted>
subsignature-id-range: 0-255 <defaulted>
attacker-address-range: 0.0.0.0-255.255.255.255 <defaulted>
victim-address-range: 0.0.0.0-255.255.255.255 <defaulted>
attacker-port-range: 0-65535 <defaulted>
victim-port-range: 0-65535 <defaulted>
risk-rating-range: 0-100 <defaulted>
actions-to-remove: <defaulted>
filter-item-status: Enabled <defaulted>
stop-on-match: False <defaulted>
user-comment: <defaulted>
-----------------------------------------------
-----------------------------------------------
sensor(config-eve)#
Step 12 Exit event action rules submode.
sensor(config-eve)# exit
Apply Changes:?[yes]:
Step 13 Press Enter to apply your changes or enter no to discard them.
For More Information
For the procedure for configuring event action variables, see Adding, Editing, and Deleting Event Action Variables, page 7-11.
For a detailed description of the event actions, see Event Actions, page 7-5.
Configuring OS Identifications
This section describes OS identifications and how to configure OS maps, and contains the following topics:
Understanding Passive OS Fingerprinting, page 7-26
Passive OS Fingerprinting Configuration Considerations, page 7-28
Adding, Editing, Deleting, and Moving Configured OS Maps, page 7-28
Displaying and Clearing OS Identifications, page 7-32
Understanding Passive OS Fingerprinting
Passive OS fingerprinting lets the sensor determine the OS that hosts are running. The sensor analyzes network traffic between hosts and stores the OS of these hosts with their IP addresses. The sensor inspects TCP SYN and SYNACK packets exchanged on the network to determine the OS type.
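As an added illustration of the inspection described above (example code, not Cisco's and not the sensor's real fingerprint database): a small Python passive fingerprinter that reads the TTL, window size and TCP options from IPv4 SYN packets, matches them against a constructed signature table, and stores the resulting OS label against the host's IP address the way the sensor keeps its OS identifications. The signature values and the build_syn packet builder are assumptions used only to produce sample input.

```python
import struct

# Constructed, illustrative signature table keyed by (initial TTL, TCP window, MSS,
# window-scale option seen) -> OS label. Not the sensor's real fingerprint database.
SIGNATURES = {
    (64, 29200, 1460, True): "Linux-like",
    (64, 65535, 1460, True): "BSD/macOS-like",
    (128, 8192, 1460, True): "Windows-like",
    (128, 65535, 1460, False): "Windows-like (no window scaling)",
}

def initial_ttl(ttl):  # round an observed TTL up to a common initial value
    return next(b for b in (32, 64, 128, 255) if ttl <= b)

def parse_syn(pkt):
    """Return (src_ip, ttl, window, mss, wscale) for an IPv4 TCP SYN/SYN-ACK, else None."""
    tcp = pkt[(pkt[0] & 0x0F) * 4:]                 # skip the IPv4 header (IHL words)
    if pkt[9] != 6 or not tcp[13] & 0x02:           # not TCP, or SYN flag clear: ignore
        return None
    src = ".".join(str(b) for b in pkt[12:16])
    window = struct.unpack("!H", tcp[14:16])[0]
    opts, i, mss, wscale = tcp[20:(tcp[12] >> 4) * 4], 0, 0, False
    while i < len(opts) and opts[i] != 0:           # walk options until End-of-Options
        kind = opts[i]
        if kind == 2:                               # MSS option
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        elif kind == 3:                             # window scale option
            wscale = True
        i += 1 if kind == 1 else opts[i + 1]        # NOP is one byte, others carry a length
    return src, pkt[8], window, mss, wscale

def build_syn(src, ttl, window, mss, wscale):
    """Construct a minimal IPv4 TCP SYN as sample input (checksums left zero)."""
    opts = struct.pack("!BBH", 2, 4, mss) + (b"\x01\x03\x03\x07" if wscale else b"")
    opts += b"\x01" * (-len(opts) % 4)              # NOP-pad options to a 32-bit boundary
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, (5 + len(opts) // 4) << 4,
                      0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, ttl, 6, 0,
                     bytes(int(x) for x in src.split(".")), bytes([10, 0, 0, 1]))
    return ip + tcp

def learn_os(table, pkt):
    """Classify a SYN and store the OS label against its source IP (like the sensor's OS map)."""
    parsed = parse_syn(pkt)
    if parsed is None:
        return None
    src, ttl, window, mss, wscale = parsed
    table[src] = SIGNATURES.get((initial_ttl(ttl), window, mss, wscale), "unknown")
    return table[src]
```

A host whose SYN attributes match no entry is recorded as "unknown", which is the case a configured OS map (next sections) is there to override.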