Just last week I updated to the latest 12.3T IOS (IOS 12.3(8)T).

While reading some of the documentation and searching for new features within the CLI itself, I found

ip ips

Which is the Cisco Intrusion Prevention System.

I configured it with the default rules but am unable to find any good documentation about the IPS itself and configuring additional rulesets. If the router had come with this IOS, then it would have an attack-drop.sdf file in the flash that I could merge with the default rules in the IOS. Since I upgraded mine... the file isn't there and I can't seem to find it anywhere.

I just wanted to play and learn more about this IPS.

So far it seems pretty cool. I'm seeing all kinds of stuff being dropped through the IPS.

Before, you really only had ACLs to work with... and a basic IDS... but to include firewall/IDS/IPS into one... very cool! Especially 'cause it's all in the router.

I'm such a geek... I get excited when I find new features to play with...

Anyway, anyone messing with this yet? Anyone know where I can find the sdf file?

I'm going to continue reading docs but I figured I'd throw this out there and see if I catch anything.


While searching for more info specifically on the IPS I've found some docs that it looks like Cisco took down... it's in the cache, but not on the site. So, I can't find any specific documentation besides a PDF on how to configure it for an interface. I can't find any info on how to apply new rulesets or anything like that.

Doh! I'm such a retard... if Google has it cached... just use the cache! LoL

Google Cisco IPS cache: www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a008021f875.html

I still can't find where to obtain the latest attack-drop.sdf file... probably 'cause they took down that page? Man... they can make it really hard to find what you are looking for...