Are you looking for separate IDS products that integrate with the PIX, or an IDS system which will work in your environment. Two very different solutions, dependent on what you want the IDS system to accomplish (monitoring only), alerting, shunting/resets, etc. As well, are you the guy who will receive the calls at 3:00 am in the morning (either true events or false alarms. That being said...
The PIX product itself contains a (very limited) IDS service, identifying a set of known attacks and allowing an action to be taken on their identification. Approximately 50 signatures are used in the PIX ruleset, those being a subset of the full Cisco IDS system. Another option is to use Snort, an open-source IDS. Chris Smith -----Original Message----- From: Mathieu Patenaude [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 8:47 AM To: [EMAIL PROTECTED] Subject: IDS for Pix Firewall Do you know of a free or cheap IDS solution for the Cisco Pix Firewall. I don't want to buy their hardware IDS ($$$$). I think that Syslog Server is not enough. I need something that can identify the attacks and that can send emails Mathieu P.S. What do you think of www1.dshield.org... is it a good source