About yuliang13

yuliang13 · 05-28-2009

hi, anyone has any sample configurations ? i just look at look at pdf guide and could not understand it. a few questions too. 1. The IPS signature id 13000 +- is using 'traffic anomaly engine' , it is related to AD settings ? is it correct to say th...

yuliang13 · 01-20-2009

hi, lately i've been hammered badly by this signature. the funny thing is the destination ports are highports ,etc 1025,5000,etc (non netbios) . i noticed this signature has been firing frequently since ms08-067. anyone having the same experience ? i...

yuliang13 · 01-20-2009

hi cisco, i find that there are no-viewable regex for some of cisco IPS signature version 6 rules. eg . 7280 sub 0. Can i confirm that cisco has hide all these important rule from being displayed? thanks

yuliang13 · 06-03-2009

anyone can help me to fully utilize this function ? thanks

yuliang13 · 05-31-2009

perhaps you need to write a custom signature

yuliang13 · 03-03-2009

hi, yes it's related to that. i'm using the exploit for that vulnerability and it triggered signature 8 only. i think this means sub id 8 should be quite important right?

yuliang13 · 03-03-2009

Hi martin,thanks for the reply. I've tried RPC DCOM exploit over this signature. only the subsig 8 was triggered upon the exploit attempt. Do you think this signature is important ?

yuliang13 · 03-03-2009

cisco IPS seems very ineffective as an IPS

Member Since	‎01-20-2009 06:48 PM
Date Last Visited	‎08-18-2017 03:54 AM
Posts	12
Total Helpful Votes Received	1

User Statistics

User Activity

Cisco IPS anomaly engine

Windows RPC DCOM Overflow sub id 8

No regex for IPS signatures?

Re: Cisco IPS anomaly engine

Re: Gumblar Bot Net - IPS Signatures

Re: Windows RPC DCOM Overflow sub id 8

Re: Windows RPC DCOM Overflow sub id 8

Re: Windows RPC DCOM Overflow sub id 8