About apolkosnik

apolkosnik · 09-12-2006

I have an IDS "listening in" on two switches. Problems begin when a host connected to switch1 talks to another host connected to switch2. Apparently I can see the packets twice (the only difference is TTL decreased by one). To make it more interestin...

apolkosnik · 10-04-2007

Most people just don't want to be bothered with tweaking. If it's too noisy, it gets disabled.

apolkosnik · 10-03-2007

Is it just me or lately the quality the signatures out of the box is less than satisfactory?

apolkosnik · 08-30-2007

Check out the thread titled: IDS-4235 boots to GRUB after applying 6.0(3)E1... I had to go to the ROMMON and from there set the IP,mask,gateway and tftp the recovery image (which gives you a pretty much an unconfigured device, unless there's somethin...

apolkosnik · 08-29-2007

Wait a sec, it can use any arbitrary udp port even on non-windows boxes?Just got a couple of false positives from a dns server. Again, it triggered on Transaction ID.

apolkosnik · 08-29-2007

Even with S299, I got false positives from NB traffic on port 137 thrown by SigID:5894/1. It appears that NBNS chatter doesn't sit well with this signature. For instance: one of the false positives triggered on Transaction ID from the NetBios Name Se...

Member Since	‎09-12-2006 01:48 PM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	8

User Statistics

User Activity

IDS and two switches

Re: 5894:1 Storm Worm

Re: 5894:1 Storm Worm

Re: IPS 4240 is not booting

Re: Storm worm

Re: Storm worm