Custom Signature
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2005 06:41 AM - edited 03-10-2019 01:17 AM
Currently, I am using IDS 4210, I am wondering is there is a way to create custom signature to capture alarms only on Port (6129). Any Idea on how to do that?
Thank you
- Labels:
-
IPS and IDS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2005 08:15 AM
I think you are in the forensics phase trying to find out what attack is happening? If so you can creat a signature to produce an alarm whenever you see 6129 traffic, then look at those alarms and analize what's going on. As far as creating a signature for all known attacks on 6129, that may be very tinme consuming and not practical. See the following URL for signature creation. http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f44.html
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2005 08:59 AM
I am trying to use thie URL but it askes for me for login information, however, I have CCO acount with cisco. ???
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2005 08:20 AM
Sorry - Here's an addemdum. Apparently port 6129 is a popular attack port recently. Look at the folloiwng URL. http://www.keyfocus.net/kfsensor/kb/mydoom.php. Check the Cisco signature updates and see of a signature has been create yet for this attack, if not using the information in this URL and the previous URL I sent you should be able to cteate a signature to stop the attack.
