01-21-2004 08:48 AM - edited 03-09-2019 06:11 AM
I would like to create a signature that would ignore all incoming traffic destined for port 53 from certain IP addresses. I would allow all, but we are not that trusting. Also, I would like to allow any traffic destined to certain IP address access to Port 8080. I am pretty new at designing signatures, but I follow instructions well.
Thanks
Dwane
01-21-2004 09:20 AM
Sounds like you need ACL's on a firewall, not signatures on your IDS.
01-21-2004 11:24 AM
We do have ACLs on the firewall, but there are particular signatures that sneak through the IDS machine such as Long WebDAV. Plus, certain signatures have known false positives like sig 4003 which triggers when initiated from DNS servers. Thanks
01-21-2004 10:27 AM
you may want to refer to this thread
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide