Reference Guide
Intrusion detection system commands 3 Configuration commands
40 NN47928-107
Intrusion detection system commands
The Intrusion Detection System (IDS) defense is designed for protection
against attacks that are destined for the BSGX4e or the LAN.
IDS inspects all inbound and outbound network activity and identifies
patterns that can indicate system attacks. Table 3 lists the applicable
protocols.
IDS identifies the following types of attacks:
• Packet anomaly—Protects the unit from abnormal packets that intend to
crash the destination.
• Scan—Protects the unit from useless packets that intend to locate holes
in the firewall.
• Flood—Protects the unit from excess incoming packets that can overload
the unit.
• Spoof—Protects the LAN network and the unit from intrusion. IDS spoof
protection is applicable for all configured untrusted interfaces (see ids
spoof on page 47).
Note: For a secure system, Nortel recommends that IDS protection remains
enabled.
Use the following commands to configure IDS:
• ids anomaly
• ids flood activity
• ids flood settings
• ids scan
• ids spoof
Table 3 Protocols for which IDS attack protection applies
Attack | Ethernet protocols (ARP, STP, CDP, others) | Unknown IP protocols | IP | UDP | TCP | ESP | ICMP | RTP
Anomaly: X X X X
Flood: X X X X X X
Scan: X X X










