Cisco Systems IPS 7.1 Home Security System User Manual


Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Configuring the External Zone
override-scanner-settings {yes | no}—Lets you override the scanner values:
  threshold-histogram {low | medium | high} num-source-ips number—Sets values in the threshold histogram.
  scanner-threshold—Sets the scanner threshold. The default is 200.
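The following Python model is an added example, not Cisco code and not part of the original guide. It shows how a per-port scanner-threshold and threshold-histogram entry would classify traffic, using the values 100 and low/100 from the procedure on this page. The destination counts behind low, medium, and high (5, 20, 100), the boundary comparisons, and all function names are assumptions not stated on this page.

```python
from collections import defaultdict

# Assumption (not stated on this page): destination-IP counts behind each level.
BUCKETS = {"low": 5, "medium": 20, "high": 100}


def evaluate(flows, scanner_threshold, histogram):
    """Model the scanner and histogram checks for one destination port.

    flows: iterable of (src_ip, dst_ip) pairs for unestablished connections.
    histogram: {level: num_source_ips}, as set by threshold-histogram.
    Returns (scanner source IPs, {level: offending source count}).
    """
    dsts_by_src = defaultdict(set)
    for src, dst in flows:
        dsts_by_src[src].add(dst)

    # One source is a scanner once it reaches more destinations than
    # scanner-threshold (strict comparison is a modeling choice).
    scanners = sorted(s for s, d in dsts_by_src.items()
                      if len(d) > scanner_threshold)

    # A histogram level is exceeded when more than num-source-ips sources
    # each reach that level's destination count.
    exceeded = {}
    for level, max_sources in histogram.items():
        count = sum(1 for d in dsts_by_src.values()
                    if len(d) >= BUCKETS[level])
        if count > max_sources:
            exceeded[level] = count
    return scanners, exceeded


def sample_flows(n_sources, dsts_per_source):
    """Constructed traffic: each source probes dsts_per_source (<= 250) hosts."""
    return [(f"10.0.{s // 250}.{s % 250 + 1}", f"192.0.2.{d + 1}")
            for s in range(n_sources) for d in range(dsts_per_source)]


if __name__ == "__main__":
    hist = {"low": 100}  # threshold-histogram low num-source-ips 100
    for name, flows in [("50 sources x 6 dsts", sample_flows(50, 6)),
                        ("101 sources x 6 dsts", sample_flows(101, 6)),
                        ("1 source x 101 dsts", sample_flows(1, 101))]:
        print(name, evaluate(flows, 100, hist))  # scanner-threshold 100
```

Under this model, lowering scanner-threshold from the default of 200 to 100 flags a single noisy source sooner, while the histogram entry reacts to many sources behaving alike.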
Configuring the External Zone UDP Protocol
To configure UDP protocol for a zone, follow these steps:
Step 1 Log in to the CLI using an account with administrator privileges.
Step 2 Enter anomaly detection external zone submode.
sensor# configure terminal
sensor(config)# service anomaly-detection ad0
sensor(config-ano)# external-zone
sensor(config-ano-ext)#
Step 3 Enable UDP protocol.
sensor(config-ano-ext)# udp
sensor(config-ano-ext-udp)# enabled true
Step 4 Associate a specific port with UDP protocol.
sensor(config-ano-ext-udp)# dst-port 20
sensor(config-ano-ext-udp-dst)#
Step 5 Enable the service for that port.
sensor(config-ano-ext-udp-dst)# enabled true
Step 6 Override the scanner values for that port. You can use the default scanner values, or you can override them and configure your own scanner values.
sensor(config-ano-ext-udp-dst)# override-scanner-settings yes
sensor(config-ano-ext-udp-dst-yes)#
Step 7 Add a histogram for the new scanner settings. Enter the number of destination IP addresses (low, medium, or high) and the number of source IP addresses you want associated with this histogram.
sensor(config-ano-ext-udp-dst-yes)# threshold-histogram low num-source-ips 100
Step 8 Set the scanner threshold.
sensor(config-ano-ext-udp-dst-yes)# scanner-threshold 100
Step 9 Configure the default thresholds for all other unspecified ports.
sensor(config-ano-ext-udp-dst-yes)# exit
sensor(config-ano-ext-udp-dst)# exit
sensor(config-ano-ext-udp)# default-thresholds
sensor(config-ano-ext-udp-def)# default-thresholds
sensor(config-ano-ext-udp-def)# threshold-histogram medium num-source-ips 120
sensor(config-ano-ext-udp-def)# scanner-threshold 120
Step 10 Verify the UDP configuration settings.
sensor(config-ano-ext-udp)# show settings
udp
-----------------------------------------------
dst-port (min: 0, max: 65535, current: 4)
-----------------------------------------------
number: 20