Diagnosing IDS policy problems

This topic describes the commands used to diagnose IDS policy problems.

Some intrusion detection services (IDS) policies are not mapped until they are needed, so a policy that is installed but not yet mapped is not necessarily a sign of a problem. Attack policies, scan global policies, and scan event policies for the ICMP and ICMPv6 protocols are mapped immediately when the policy is installed in the stack. Scan event policies for the TCP and UDP protocols are mapped on the first occurrence of a potentially countable event. TR policies for the TCP protocol are mapped when a local application issues a listen() call and when a client completes the three-way connection handshake. TR policies for the UDP protocol are mapped when an inbound datagram arrives for a bound port.