https://community.cisco.com/t5/network-security/custom-signature-question/m-p/1316049#M76774 <HTML><HEAD></HEAD><BODY><P>A Method of detecting malicious network activity by signatures and then implementing a policy for that signature. Secure Hash Algorithm 1. SHA-1 [NIS94c] is a revision to SHA that was published in 1994. SHA is closely modeled after MD4 and produces a 160-bit digest. Because SHA produces a 160-bit digest, it is more resistant to brute-force attacks than 128-bit hashes (such as MD5), but it is slower.</P></BODY></HTML> Wed, 15 Jul 2009 13:07:06 GMT pradeepde 2009-07-15T13:07:06Z https://community.cisco.com/t5/network-security/custom-signature-question/m-p/1316048#M76769 <P>Is there a way to write a custom signature that looks for a IP address making rapid connection attempts to an IPSec termination device trying to brute force a pre-shared key? Would this be something the Anomaly Detection engine would detect?</P> Sun, 10 Mar 2019 11:41:44 GMT https://community.cisco.com/t5/network-security/custom-signature-question/m-p/1316048#M76769 Carlos Castillo 2019-03-10T11:41:44Z https://community.cisco.com/t5/network-security/custom-signature-question/m-p/1316049#M76774 <HTML><HEAD></HEAD><BODY><P>A Method of detecting malicious network activity by signatures and then implementing a policy for that signature. Secure Hash Algorithm 1. SHA-1 [NIS94c] is a revision to SHA that was published in 1994. SHA is closely modeled after MD4 and produces a 160-bit digest. Because SHA produces a 160-bit digest, it is more resistant to brute-force attacks than 128-bit hashes (such as MD5), but it is slower.</P></BODY></HTML> Wed, 15 Jul 2009 13:07:06 GMT https://community.cisco.com/t5/network-security/custom-signature-question/m-p/1316049#M76774 pradeepde 2009-07-15T13:07:06Z