Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
1
Replies

Documentation

flaggmd
Level 1
Level 1

‎09-21-2004 09:28 AM - edited ‎03-09-2019 08:51 AM

I am having trouble finding decent IDSM-2 Docs. Currently, I want to write some custom signitures but can find no documentation. Any recceomendations?

The signiture I want to write is to detect hits on ports 6667.

Labels:
0 Helpful
1 Reply 1

marcabal
Cisco Employee
Cisco Employee

‎09-21-2004 11:39 AM

Main doc link:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/index.htm

4.1 Specific Docs from above:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/index.htm

Custom Sig specific docs from above:

Signature Engines:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swappa.htm

Custom Signature Wizard in IDM:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids10/idmiev/swchap3.htm#31623

Sounds like what you want is signature for a TCP packet signature with the TCP SYN flag set with a destination port of 6667.

OR a UDP packet signature with a destination port of 6667.

Both of these can be created through the Custom Signature Wizard.

If you are using IDS MC, then I still recommend using IDM to create the initial Custom Signature in the Custom Signature Wizard. You can then look at the created signature in IDM or in the CLI with "show configuration" and then you can use the generated paramters to create the same signature in IDS MC and push it to the sensors.

0 Helpful
Customers Also Viewed These Support Documents