Ralsky's spam gang is doing widespread SMTP AUTH brute-force attacks. They're succeeding. Has anyone developed a custom sig for SMTP AUTH brute-force attacks?
The HTTP CONNECT sig should handle some of that, I think. If the proxy actually uses the HTTP CONNECT method, anyway. At the very least, it can be used to block malicious users from scanning your network looking for servers with the CONNECT method enab...
I have not seen a best practices document. We've been using Cisco IDS/IPS since we bought our first 4230 a few years back. We have found that the smart approach for us, when installing IDS into a new network or installing a new IDS into an existing...
One theory I have regarding these, especially if you are correct and it detects duplicates, is that if, like us, you're sending an IPS unit traffic streams from multiple sources and the traffic happens to traverse both sources, it may be seen as dupl...
I would like to see some clearer guidelines on resolution of this problem, if they exist. "Increase this, and maybe tweak that" just isn't that helpful. I increased the first param from 10000 to 30000, and I'm still seeing 1204's and 1208's coming ...
Not to throw things in a different direction, but I found something that's somewhat telling. When my sensor hung last, as stated before, AnalysisEngine did not crash, but most of the memory was used up. In the "show int" stats, it showed over 835,0...