I have just noticed that this signature has fired for 2 of our different clients but with the same source/destination IPs. I would normally assume that this is either impossible or very strange. I think that might be where the name of the signature...
This is a brand new signature that I have not seen before, with little info available other than a few lines in Cisco MySDN. It states that: "This signature fires upon detecting an Internet Explorer Zone Bypass exploit, using Media Player to silently...
This is info that I have been given in the past, via this forum. It outlines a particular methodology for tuning a given signature. 0.0.0.0 as a target means the signature entered regular or global summary mode. When this happens, you'll get the initi...
My role is similar, in that we have to ticket IPS activity, informing the client what the signature means, cause & effect, plus a work round. You will find that info is sometimes missing from MySDN, as signatures are updated. In other words the name X...
I have tried Google and it doesn't really give any more clues other than it can be converted into binary. Or it is a different numerical representation of the same thing (e.g. hex, octal, or decimal). I would like an official opinion from Cisco, in ter...
The nature of this signature is an attempt to crash the device by having an IP packet with equal S & D. It is known as the Land attack, but does it matter what the IPs actually are? If it can never occur within legitimate traffic, then can we always ...
I have been discussing this with my colleagues and I am going to raise a TAC case. It seems to be the general consensus that any signature that fires with only a source IP (1-way) is a problem. I used to think that this was how it was, and that some s...