02-02-2005 11:29 AM - edited 03-10-2019 01:15 AM
I am using a 4235 and need to be able to detect when a user is using any type of IM or P2P application. I know others are able to do this, but they are using a different brand of IDS. Any help or ideas would be very helpful. My infrastructure is all Extreme, so NBAR is not an option.
02-02-2005 01:27 PM
We have added a considerable number of signatures in the last few releases. For example, signatures 11019-11020, 11028-11031, 11200-11232 have been added in release S140. These signatures add greatly to our current coverage of IM and P2P products as well as providing more granular activity monitoring. However, they have been disabled by default. To use them, you have to enable them. We are in the process of releasing a few more soon.
02-02-2005 12:39 PM
Some signatures should already be there. See details here:
http://www.cisco.com/cgi-bin/front.x/csec/idsAllList.pl
Yahoo Messenger Activity
Signature Id/Sub Id: 11200/0
Signature Description: This signature fires when a Yahoo Messenger client login attempt to the default TCP port 5050 is detected.
IDS Version: S46
Alarm Level: 0
Benign Triggers: Normal Yahoo Messenger activity will cause this signature to fire.
Signature Type: NETWORK
Signature Structure: ATOMIC
Implementation: CONTENT
Related Vulnerabilities
3843 Instant Messaging
Signature Id/Sub Id: 11201/0
Signature Description: This signature fires when an MSN new connection attempt to the default TCP port 1863 is detected.
IDS Version: S46
Alarm Level: 0
Benign Triggers: Normal use of MSN instant messaging clients will cause this signature to fire.
Signature Type: NETWORK
Signature Structure: ATOMIC
Implementation: CONTENT
Related Vulnerabilities
3843 Instant Messaging
02-03-2005 06:48 AM
I just updated the box to 140 so I'll go ahead and enable those. Thanks a ton!