
IDS new signature

paltel
Level 1

Can I create a new signature by the total of bytes? If yes, how can I make it?

BR

RAM

1 Reply

a.arndt
Level 3

Without some further detail of what it is you're trying to write a signature for, I don't think anyone can answer your question, per se.

I can't think of any signature engine that alarms based on total number of bytes within a given transport protocol (or even ICMP, just in case you're looking at that) by itself.

I know you can use a byte mask to indicate where your signature will actually start working (for example, TCP Stream signature where you look for a particular regular expression after 400 bytes of data have been seen), but the number of bytes itself won't set off an alarm.

Of course, I'm not including DoS scenarios like Ping of Death and Teardrop where specific signatures have already been provided, but I'm just saying this for completeness...

Care to expand on your intent?

Alex Arndt
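A conceptual model of the offset behaviour described in the reply above, added here as an example; it is not part of the original thread and is not Cisco's signature engine. The class name, the `X-Test-Marker` pattern and the sample segments are constructed for illustration; the 400-byte offset is the figure from the reply.

```python
import re


class OffsetStreamSignature:
    """Regex over a reassembled stream, evaluated only at or beyond min_offset.

    Hypothetical model for illustration, not a vendor API.
    """

    def __init__(self, pattern: bytes, min_offset: int):
        self.regex = re.compile(pattern)
        self.min_offset = min_offset
        self.buffer = bytearray()  # in-order stream data seen so far
        self.fired_at = None       # stream offset where the match started

    def feed(self, segment: bytes) -> bool:
        """Append one in-order segment; return True once the signature has fired."""
        if self.fired_at is None:
            self.buffer += segment
            # Searching from min_offset means earlier bytes can never match,
            # and a pattern split across segments is still found.
            m = self.regex.search(self.buffer, self.min_offset)
            if m:
                self.fired_at = m.start()
        return self.fired_at is not None


def run(segments, pattern=rb"X-Test-Marker", min_offset=400):
    """Feed constructed segments; return (match offset or None, total bytes seen)."""
    sig = OffsetStreamSignature(pattern, min_offset)
    for seg in segments:
        sig.feed(seg)
    return sig.fired_at, len(sig.buffer)


# Constructed sample streams.
EARLY_ONLY = [b"X-Test-Marker", b"A" * 50]              # marker before offset 400
LARGE_CLEAN = [b"A" * 500, b"A" * 500]                  # many bytes, no marker
SPLIT_LATE = [b"A" * 450, b"X-Test", b"-Marker"]        # marker split across segments
EARLY_AND_LATE = [b"X-Test-Marker", b"A" * 400, b"X-Test-Marker"]

if __name__ == "__main__":
    for name, segs in [("early only", EARLY_ONLY), ("large clean", LARGE_CLEAN),
                       ("split late", SPLIT_LATE), ("early and late", EARLY_AND_LATE)]:
        print(name, run(segs))
```

The `LARGE_CLEAN` stream carries 1000 bytes and never fires, which is the point made in the reply: the byte count gates where matching begins, but does not raise an alarm by itself.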
