09-17-2008 04:39 AM - edited 03-10-2019 04:17 AM
hi,
we are currently comparing cisco ips to tippingpoint, i have a cisco ips in front and tippingpoint in the back, so we are checking if cisco ips is missing on a lot of stuff , and currently it is missing on SQL injection attacks and cross scripting, which seems to be the weak point in cisco ips, its missing a lot on sql injection signatures, i mean why a simple update/set command does not have a signature ?
09-17-2008 06:45 AM
Cisco just recently added some "generic SQL injection" signatures. Are you on the latest signature release? 5930-0 thru 5930-6 are the new ones. There is no update/set one though AFAICT. 5474-0 and 5474-1 are the only other signatures I'm aware of.
09-18-2008 01:35 AM
Thank you for your reply, do you know how to get in contact with the ips signature engineers at Cisco , i would like to share my comparaison with them as well as an attack that is passing all sql injection signature containing update but with u%pdate and the sql database is interpreting it as a normal update.
09-18-2008 03:59 AM
Send us an email to ips-signature-team@cisco.com one of the signature developers will pick it up.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide