About a.arndt

a.arndt · 10-07-2005

Good day,My boss has asked me if there is any value-added in regards to Cisco's recent move to charge separately for hardware and software support for the IDS/IPS product line.Other than the obvious (need software support for signature updates, need ...

a.arndt · 09-19-2005

Let me begin by stating that I am running Cisco IDS Version 4.1(5)S190 on an IDS-4235 sensor...I have a requirement to identify any UDP port 53 traffic emanating from my network where the overall UDP packet size exceeds 1024 bytes.I’ve tried to use t...

a.arndt · 07-29-2005

Good day,While I know that, unlike IPS v5.0 where you can configure interface-specific settings via IDM, you cannot adjust interface settings using IDM in v4.1.I was wondering if it was possible to set these things, however, via the service account?C...

a.arndt · 07-19-2005

I have yet another possible false positive signature. This time it is SigID 3334 - Windows Workstation Service Overflow.Here's a capture from the EventStore on the sensor, again with the signature modified so that it captures the offending packet (Ca...

a.arndt · 07-18-2005

Here is a packet captured by the IDS that triggered SigID 3353 - SMB Request OverflowevAlert: eventId=1075708170032493259 severity=high originator: hostId: cisco-ids-v4.1 appName: sensorApp appInstanceId: 1134 time: 2005/07/18 14:53:30 2...

a.arndt · 06-28-2006

Marcoa,I tried to access the link you provided but I can't get passed the username/password prompt my browser is giving me.I know my username/password is OK (or I wouldn't be able to post this reply), so I can't figure out why I can't access that URL...

a.arndt · 06-27-2006

There is a way to make the underlying Red Hat operating system perform ntp time syncs without using authenticated ntp, but it is not supported by Cisco. Furthermore, most folks agree that unauthenticated ntp will cause any evidence collected via your...

a.arndt · 06-27-2006

Was an official press release, or some other notification, sent out on the date that IDS/IPS 4.x signature support would end?If so, could a link to this announcement be provided?Thanks!

a.arndt · 11-16-2005

True, but now you've customized the sensor's configuration without necessarily proving that it was properly configured to begin with.If the author of the original question has the intention of testing the configuration of the IPS, or more specificall...

a.arndt · 11-15-2005

You could use one of the following tools to generate traffic that the IPS could react too.Open Source examples of VA tools include Nessus or Nmap. Also, Stick and Snot come to mind, as they were developed specifically to test security devices. If you...

Member Since	‎10-30-2002 05:45 AM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	255
Total Helpful Votes Received	161

User Statistics

User Activity

Price Changes for Support Contracts for Cisco IDS/IPS

Possible to construct an alarm to look for oversized DNS?

Configuring speed and duplex settings of monitoring NIC under IDS v4.1

Possible false positive issue with SigID 3334

Possible false positive issue with SigID 3353

Re: IDS 4235 Password Recovery problem

Re: how to configure *nix ntp server for IPS

Re: IDS 4235 Password Recovery problem

Re: IPS Test Files

Re: IPS Test Files