Intrusion detection views
Security is provided by Intrusion Detection Services (IDS). MainView for IP provides views that display information about defined IDS policies.
IDS provides the following support:
- Scan detection and reporting
- Attack detection, reporting, and prevention
- Traffic regulation for TCP connections and UDP receive queues
IDS policies specify which events to detect, under what circumstances, and what action to take. A scan is recognized when multiple gathering events arrive from a single source IP within a defined period of time. An attack can be a single packet designed to crash or hang a system, or it can consist of multiple packets designed to consume a limited resource so that devices become unavailable to their intended users (that is, denial of service). IDS attack policy allows you to turn on attack detection for each category of attack independently of the others.
The IDS categories of attacks are:
- Malformed packet events
- Inbound fragment restrictions
- IP protocol restrictions
- IP option restrictions
- UDP perpetual echo
- ICMP redirect restrictions
- Outbound raw restrictions
- Flood events
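The scan-recognition rule described above (multiple gathering events from one source IP within a defined period) can be sketched as a per-source sliding window. This is an added illustration, not MainView for IP or IDS code; the `detect_scans` function, the threshold, the window length, and the sample events and addresses are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, source IP, probed service).
EVENTS = [
    (0, "192.0.2.10", "tcp/21"), (5, "192.0.2.10", "tcp/22"),
    (9, "198.51.100.7", "tcp/443"), (12, "192.0.2.10", "tcp/23"),
    (20, "192.0.2.10", "tcp/25"), (25, "192.0.2.10", "tcp/80"),
    # Same number of events, but spread 70 s apart: never inside one window.
    (30, "203.0.113.5", "udp/53"), (100, "203.0.113.5", "udp/123"),
    (170, "203.0.113.5", "udp/161"), (240, "203.0.113.5", "udp/500"),
]


def detect_scans(events, threshold=4, window=60):
    """Return [(source_ip, time_flagged, events_in_window)].

    A source is flagged when `threshold` events fall within `window`
    seconds. Both values are illustrative, not product defaults.
    """
    recent = defaultdict(deque)   # source IP -> timestamps still in window
    flagged = set()               # sources currently over the threshold
    alerts = []
    for ts, src, _service in sorted(events):
        q = recent[src]
        q.append(ts)
        # Drop events that have aged out of the window for this source.
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            # Report once per burst instead of once per extra event.
            if src not in flagged:
                flagged.add(src)
                alerts.append((src, ts, len(q)))
        else:
            # Activity dropped below the threshold: re-arm the source.
            flagged.discard(src)
    return alerts


if __name__ == "__main__":
    for src, ts, count in detect_scans(EVENTS):
        print(f"scan suspected from {src} at t={ts}s ({count} events in window)")
```

The third source generates as many events as the first but stays below the threshold in every window, which shows why the period chosen in a scan policy determines how slow a scan can be and still go unreported.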
The following table describes the views that provide detailed information about your intrusion detection service.
IDS views
| View | Description of display |
|---|---|
| IDSS | A summary of the Intrusion Detection Services policies |
| IDSFLOOD | All active interface floods |
| IDSTCPPL | Information about active Intrusion Detection Services policies for the TCP protocol |
| IDSUDPPL | Information about active Intrusion Detection Services policies for the UDP protocol |