Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
904
Views
0
Helpful
3
Replies

Custom Signature

emad.mohamed
Level 1
Level 1

‎02-18-2005 06:41 AM - edited ‎03-10-2019 01:17 AM

Currently, I am using IDS 4210, I am wondering is there is a way to create custom signature to capture alarms only on Port (6129). Any Idea on how to do that?

Thank you

Labels:
0 Helpful
3 Replies 3

gabelar
Level 1
Level 1

‎02-18-2005 08:15 AM

I think you are in the forensics phase trying to find out what attack is happening? If so you can creat a signature to produce an alarm whenever you see 6129 traffic, then look at those alarms and analize what's going on. As far as creating a signature for all known attacks on 6129, that may be very tinme consuming and not practical. See the following URL for signature creation. http://www.cisco.com/en/US/partner/products/sw/cscowork/ps3990/products_user_guide_chapter09186a0080104f44.html

0 Helpful

emad.mohamed
Level 1
Level 1
In response to gabelar

‎02-18-2005 08:59 AM

I am trying to use thie URL but it askes for me for login information, however, I have CCO acount with cisco. ???

0 Helpful

gabelar
Level 1
Level 1

‎02-18-2005 08:20 AM

Sorry - Here's an addemdum. Apparently port 6129 is a popular attack port recently. Look at the folloiwng URL. http://www.keyfocus.net/kfsensor/kb/mydoom.php. Check the Cisco signature updates and see of a signature has been create yet for this attack, if not using the information in this URL and the previous URL I sent you should be able to cteate a signature to stop the attack.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card