cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
941
Views
5
Helpful
2
Replies

Cisco IPS Custom Signatures

ALIAOF_
Level 6
Level 6

I am working on creating some custom signatures.  I created one that works really well for the FTP traffic.  If some one tries to login as most commonly used default user ID's their connection gets reset.  Now that is great.  But we have a secure FTP server and since that traffic is encrypted.  Any way I can get the IPS to look at that traffic for the username or is the IPS unable to do that?

Secondly is there a signature for Brute Force attack in IPS?  I can't seem to find it, we had an instance where an IP tried to log into our FTP server using a specific username for like over 100 times and IPS did not detect it.

2 Replies 2

sawgupta
Level 1
Level 1

You could use the following two signatures:

6250/1 - FTP Authorization Failure

21539/2 - FTP Service for IIS Denial of Service (if applicable in your case)

Regards,

Sawan Gupta

Thanks & Regards, Sawan Gupta

Thank you however it will only work for FTP, I'm trying to get something like that going for sftp too.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: