Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
0
Helpful
1
Replies

Does signature no 5351 work correctly???

gborhan
Level 1
Level 1

‎03-27-2003 11:10 PM - edited ‎03-09-2019 02:40 AM

Our IDS shun some regular web pages due the signature no 5351. Is this normal? Is there any risks to allow traffic containing this signature code?

Labels:
0 Helpful
1 Reply 1

drolemc
Level 6
Level 6

‎04-02-2003 01:26 PM

If indeed regular web pages are being wrongly shunned, you could fine tune your setup to exclude signature/s wrt a specific host or network address. The process is described at http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a008009404e.shtml. However, you need to be careful while doing this. Purging could cause False negitives or the faliure to detect actual malicious activity. Another thing, I don't think that signature 5351 is supported by Cisco IOS. This is as per the 'Cisco IOS Intrusion Detection Systems Signature List' at http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_data_sheet09186a008014c532.html.

0 Helpful
Customers Also Viewed These Support Documents