Sensor signatures may include instructions to block sources of a particular attack, whenever that attack is detected. It is also possible to have a trusted network device whose normal, expected behavior appears to be that attack. Sensor signatures can be set to ignore a particular perceived attack when its source is a trusted network device.
Using the Cisco Intrusion Detection System (IDS), these are the two signatures related to Kazaa:
11000: Kazaa version 2 User Datagram Protocol (UDP) client probe:
Kazaa is a common Peer-to-Peer (P2P) file sharing application distributed by Sharman Networks. Kazaa clients maintain a loosely meshed, decentralized network of systems sharing files. Certain nodes with sufficient bandwidth and resources serve as supernodes on the network providing a distributed search function.
Kazaa clients send UDP packets to various systems searching for another Kazaa peer. This signature fires when the keyword "Kazaa" is seen in a UDP packet destined for UDP port 1214 (SubSig 0), 1531 (SubSig 1), or from port 3861 (SubSig 2).
11005: Kazaa GET request
The signature fires when a client request to the default Kazaa server port (Transmission Control Protocol (TCP) 1214) is detected.
If you want to use a firewall, you can try to block ports UDP 1214, 1531 and 3861 TCP 1214.
Hi,I have a landing page hosted in ISE, where I collect guest users information. I'm looking for a script that I can use to change the way users input data. My current form looks like this: I would need a script that can customise "Reason for v...
Hi dear friends, Can you help me about my case I have a Cisco ISE which are integrated with Domain Controller. Also I have Cisco AnyConnect which I used for remote VPN which is located to ASA Firewall. I want that Ipad devices which are on...
Hi I am renewing the EAP and Admin Cert for an ISE Cluster that consist of 6 Nodes ( 2 PAN, 2 Mnt and 2 PSN). How should I proceed with CSR binding (6 CSRs, Multi-usage CSR per Node)? should I Bind PAN (Pri) first? or should I start with PSNs and Mnt...
Here's my situation. I had the Cisco Anyconnect Mobility client installed on my work laptop. When I got let go last week, I didn't want to lose all my data, so I bought a new personal MacBook Air M1 laptop, and imported my work profile on to it. I di...