13-1. IDS Overview

IDSs are used to inspect traffic on a network, examining activity from hosts to detect malicious behavior. IDS sensors maintain a database of signatures that are used as templates to discover such activity taking place. The signatures are uniquely numbered and define a type of traffic, a pattern of traffic, or a complex sequence of events that make up known exploits. For a complete list of signature ID numbers, see section 13-4, “IDS Sensor Signature List.”

IDS signatures are divided into two categories:

  • Info signatures— Information-gathering techniques used by potentially malicious users. These can include ping sweeps to discover active hosts, port sweeps to discover active applications, and so on.

  • Attack signatures— Techniques ...
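
The sweep-style info signatures described above can be modeled as numbered templates matched against traffic records. The following is an added example, not code from the book or from Cisco: the signature IDs are placeholders rather than real sensor signature numbers, and the thresholds, window, and sample events are constructed for illustration.

```python
from collections import defaultdict

# Constructed signature table. IDs are placeholders, not real sensor signature numbers.
# (id, name, protocol, group-by fields, counted field, distinct-value threshold)
SIGNATURES = [
    ("SIG-PLACEHOLDER-1", "ICMP ping sweep", "icmp", ("src",), "dst", 5),
    ("SIG-PLACEHOLDER-2", "TCP port sweep", "tcp", ("src", "dst"), "dport", 5),
]

def detect(events, window=10.0):
    """Return (sig_id, name, src, ts) alerts for sweeps seen inside `window` seconds."""
    seen = defaultdict(list)  # (sig_id, group) -> [(ts, counted value)] still in window
    fired = set()             # one alert per signature and group
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for sig_id, name, proto, group_by, counted, threshold in SIGNATURES:
            if ev["proto"] != proto:
                continue
            key = (sig_id, tuple(ev[f] for f in group_by))
            # Drop observations that have aged out of the sliding window.
            recent = [(t, v) for t, v in seen[key] if ev["ts"] - t <= window]
            recent.append((ev["ts"], ev[counted]))
            seen[key] = recent
            # A sweep is many distinct targets (hosts or ports) in a short time.
            if key not in fired and len({v for _, v in recent}) >= threshold:
                fired.add(key)
                alerts.append((sig_id, name, ev["src"], ev["ts"]))
    return alerts

def _ev(ts, src, dst, proto, dport=None):
    return {"ts": ts, "src": src, "dst": dst, "proto": proto, "dport": dport}

# Constructed sample traffic (documentation address ranges).
SAMPLE = (
    # One source pings six hosts in under three seconds: ping sweep.
    [_ev(0.5 * i, "192.0.2.10", f"198.51.100.{i + 1}", "icmp") for i in range(6)]
    # One source probes five ports on one host in one second: port sweep.
    + [_ev(20 + 0.2 * i, "192.0.2.20", "198.51.100.5", "tcp", p)
       for i, p in enumerate([21, 22, 23, 25, 80])]
    # A monitoring host pings one host every 15 seconds: below the threshold.
    + [_ev(15.0 * i, "192.0.2.30", f"198.51.100.{i + 1}", "icmp") for i in range(5)]
)

if __name__ == "__main__":
    for sig_id, name, src, ts in detect(SAMPLE):
        print(f"{sig_id} {name} from {src} at t={ts:.1f}s")
```
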
