
New signatures

7dallen
Level 1

Hello,

My question is in regard to a few of the last signature releases, starting around SIG 110. There are several signatures being called NEW that are in fact relatively old signatures and are not enabled by default. For example, Signature 111 has the following:

9406.0 Back Door G-Spot High No

9413.0 Back Door Hell Driver High No

9450.0 Back Door Blaaaaa High No

9471.0 Back Door Gift High No

9511.0 Back Door Windows Mite High No

9513.0 Back Door Infra High No

9515.0 Back Door Kuang High No

9516.0 Back Door Butt-man High No

9518.0 Back Door Event Horizon High No

9519.0 Back Door Latinus High No

9519.1 Back Door Latinus High No

9520.0 Back Door Le Guardien High No

9521.0 Back Door Mantis High No

9522.0 Back Door Masters of Paradise High No

The last signature #124 disabled the following:

3179.0 ftpdchk DOS High No

3315.0 Microsoft Windows 9x NetBIOS NULL Name Vulnerability High No

3316.0 Project1 DOS High No

3466.0 RAS/PPTP Malformed Control Packet DOS High No

Are these old signatures as well? If so, why is Cisco calling them New?

Thanks in advance.

2 Replies

7dallen
Level 1

No response on this topic?

I need to know if these are indeed old signatures being re-released from Cisco to be included in the 4.x IDS sensors. I have to evaluate each signature that is not enabled and determine its impact on operations if enabled or not. Everyone using these security products is depending upon Cisco for the validity of these signatures.

Back in May of this year the following post was made.

----Post----

The signatures were disabled to imp... by mcerha - May 18, 2004, 11:21am PST

" mcerha - Cisco Systems

May 18, 2004, 11:21am PST

The signatures were disabled to improve the performance of the default sensor configuration. All of the signatures that were disabled were significantly old (two+ years) and deemed to be not very relevant in today's typical networking environment. When a signature is disabled, we document this in the Readme shipped with the signature update. This will be an ongoing procedure as we evaluate our older signatures "

-- End Post --

If these are old signatures, there was not any documentation to identify that they are. However, these signatures are pretty old based on the release dates listed on various security web sites. And the other question is why these are being put back in the IDS, based on the above statement.

rupadras
Cisco Employee

New signatures are those that are included in the latest release only. Cisco occasionally provides coverage of old vulnerabilities for the sake of completeness. Due to the age of these vulnerabilities, the signatures are disabled by default. These are not new vulnerabilities, just new signatures.