27-55
Cisco Router and Security Device Manager 2.5 User’s Guide
OL-4015-12
Chapter27 Cisco IOS IPS
Edit IPS
Cisco Security Center
The Cisco Security Center provides information on emerging threats, and links to
the Cisco IOS IPS signatures available to protect your network from them.
Signature reports and downloads are available at this link (requires login):
http://tools.cisco.com/MySDN/Intelligence/searchSignatures.x
IPS-Supplied Signature Definition Files
To ensure that the router has as many signatures available as its memory can
accommodate, Cisco SDM is shipped with one of the following SDFs:
256MB.sdf—If the amount of RAM available is greater than 256 MB. The
256MB.sdf file contains 500 signatures.
128MB.sdf—If the amount of RAM available is between 128 MB and
256 MB. The 128MB.sdf file contains 300 signatures.
attack-drop.sdf—If the amount of available RAM is 127 MB or less. The
attack-drop.sdf file contains 82 signatures.
If your router runs Cisco IOS version 12.4(11)T or later, you must use an SDF file
that has a name of the format sigv5-SDM-Sxxx.zip; for example,
sigv5-SDM-S260.zip.
Note The router must be running CiscoIOS Release 12.3(14)T or later releases to be
able to use all the available signature engines in 256MB.sdf and 128MB.sdf files.
If the router uses an earlier release, not all signature engines will be available.
To use an SDF in router memory, determine which SDF has been installed and
then configure Cisco IOS IPS to use it. The procedures that follow show you how
to do this.

Determine Which SDF File Is in Memory

To determine which SDF file is in router memory, open a Telnet session to the
router, and enter the show flash command. The output will be similar to the
following:
System flash directory: