Good day, My boss has asked me if there is any value-added in regards to Cisco's recent move to charge separately for hardware and software support for the IDS/IPS product line. Other than the obvious (need software support for signature updates, need ...
Let me begin by stating that I am running Cisco IDS Version 4.1(5)S190 on an IDS-4235 sensor... I have a requirement to identify any UDP port 53 traffic emanating from my network where the overall UDP packet size exceeds 1024 bytes. I've tried to use t...
Good day, While I know that, unlike IPS v5.0 where you can configure interface-specific settings via IDM, you cannot adjust interface settings using IDM in v4.1. I was wondering if it was possible to set these things, however, via the service account? C...
I have yet another possible false positive signature. This time it is SigID 3334 - Windows Workstation Service Overflow. Here's a capture from the EventStore on the sensor, again with the signature modified so that it captures the offending packet (Ca...
Here is a packet captured by the IDS that triggered SigID 3353 - SMB Request Overflow evAlert: eventId=1075708170032493259 severity=high originator: hostId: cisco-ids-v4.1 appName: sensorApp appInstanceId: 1134 time: 2005/07/18 14:53:30 2...
Marcoa, I tried to access the link you provided but I can't get past the username/password prompt my browser is giving me. I know my username/password is OK (or I wouldn't be able to post this reply), so I can't figure out why I can't access that URL...
There is a way to make the underlying Red Hat operating system perform ntp time syncs without using authenticated ntp, but it is not supported by Cisco. Furthermore, most folks agree that unauthenticated ntp will cause any evidence collected via your...
Was an official press release, or some other notification, sent out on the date that IDS/IPS 4.x signature support would end? If so, could a link to this announcement be provided? Thanks!
True, but now you've customized the sensor's configuration without necessarily proving that it was properly configured to begin with. If the author of the original question has the intention of testing the configuration of the IPS, or more specificall...
You could use one of the following tools to generate traffic that the IPS could react to. Open Source examples of VA tools include Nessus or Nmap. Also, Stick and Snot come to mind, as they were developed specifically to test security devices. If you...