02-18-2005 06:41 AM - edited 03-10-2019 01:17 AM
Currently, I am using IDS 4210, I am wondering is there is a way to create custom signature to capture alarms only on Port (6129). Any Idea on how to do that?
Thank you
02-18-2005 08:15 AM
I think you are in the forensics phase trying to find out what attack is happening? If so you can creat a signature to produce an alarm whenever you see 6129 traffic, then look at those alarms and analize what's going on. As far as creating a signature for all known attacks on 6129, that may be very tinme consuming and not practical. See the following URL for signature creation. http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f44.html
02-18-2005 08:59 AM
I am trying to use thie URL but it askes for me for login information, however, I have CCO acount with cisco. ???
02-18-2005 08:20 AM
Sorry - Here's an addemdum. Apparently port 6129 is a popular attack port recently. Look at the folloiwng URL. http://www.keyfocus.net/kfsensor/kb/mydoom.php. Check the Cisco signature updates and see of a signature has been create yet for this attack, if not using the information in this URL and the previous URL I sent you should be able to cteate a signature to stop the attack.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide