Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
310
Views
0
Helpful
2
Replies

Custom signature for non-HTTP traffic

ikobisher3
Level 1
Level 1

‎06-24-2004 03:30 PM - edited ‎03-09-2019 07:51 AM

How can I create a custom signature that triggers only when there is not HTTP traffic from a specific IP to a specific IP.? I want to create a policy based signature that detects the anomaly of non-HTTP traffic to a web server. Is there a way of doing this from IDS MC?

Thanks

IK

Labels:
0 Helpful
2 Replies 2

mkodali
Cisco Employee
Cisco Employee

‎06-25-2004 07:38 AM

In the current release this can be done using string.TCP engine, thought it is a bit of performance hit to examine all the strings for TCP sessions from or to this port. With this engine you can create a custom sig looking for regex you want to examine for non-HTTP traffic and specify the web server ports.

0 Helpful

ikobisher3
Level 1
Level 1
In response to mkodali

‎06-25-2004 08:06 AM

Thanks. I thought about that solution too, but I was concerned about the fact that all packets will be monitored. But since this sensor will monitor the backend of a content switch doing SSL offload, I think the traffic will not be as heavy as other potential sensing locations. Thanks for your response.

0 Helpful
Customers Also Viewed These Support Documents