cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

702
Views
5
Helpful
2
Replies
Highlighted
Frequent Contributor

Cisco IPS Custom Signatures

I am working on creating some custom signatures.  I created one that works really well for the FTP traffic.  If some one tries to login as most commonly used default user ID's their connection gets reset.  Now that is great.  But we have a secure FTP server and since that traffic is encrypted.  Any way I can get the IPS to look at that traffic for the username or is the IPS unable to do that?

Secondly is there a signature for Brute Force attack in IPS?  I can't seem to find it, we had an instance where an IP tried to log into our FTP server using a specific username for like over 100 times and IPS did not detect it.

2 REPLIES 2
Highlighted
Beginner

You could use the following two signatures:

6250/1 - FTP Authorization Failure

21539/2 - FTP Service for IIS Denial of Service (if applicable in your case)

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta
Highlighted

Thank you however it will only work for FTP, I'm trying to get something like that going for sftp too.

Content for Community-Ad