I'm getting syslog messages from IOS 12.4(9)T3 that I can't figure out what to do with, e.g.: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:1102628888 576 bytes is out-of-order; expected seq:1102605840. Reason: TCP reassembly queue overflow I've searc...
I'm trying to figure out how to select signatures. I suppose one could just watch the alert chatter and disable or delete signatures that seem too noisy. Doesn't seem very secure. I'd prefer to analyse the traffic that's triggering them, but if I ...
I'm getting some alarms for signatures that I think are a bit too sensitive -- 3051, for example. It makes sense to me to adjust the Minhits or AlarmInterval to make the signature less sensitive, increasing the level of activity before an alarm occc...
The only VMS I know about is an operating system from DEC. Used it for years. Presume it's not the same. If VMS is management software for IPS, all I have is SDM. All the management software I know of from Cisco costs much more than the router it...
I can only find pricing on IDS-4215: NOT cheap for small businesses that have no on-site IT staff. More expensive than the 1811W router with IOS IPS. The Cisco techs don't recommend 5.x for IOS yet -- they say it has issues. I'm not clear what the d...
There's a term from mathematics: "necessary but not sufficient". That's MySDN. Sure, it's a great site, but without knowing more detail about what triggered the alerts, I can't make a valid decision about how to respond. I'm running an 1811w with ver...
I found this response really frustrating. As the thread title says, it's IOS IPS. That's a router with IPS on it. Looking up messages in MySDN is obviously NOT sufficient. A large number of signatures may or may not be attacks. How can I tell? Shou...