I am trying to convert this snort sig and would like to shun the attacker. alert tcp any any -> $HOME_NET 22 (msg:"BLEEDING-EDGE Potential SSH Brute Force Attack"; flow:to_server,established; flags:S; threshold:type limit, track by_src, count 5, seco...
Is it recommended to enable all sensing interfaces (eth7&8) in this case? I actually tried to, but it seems that all traffic always goes to eth7. Am I missing something? Thanks!
We are using a Catalyst 6000 to load balance traffic from various switches into several ids sensors. We span each switch and forward the traffic to ports with different VLANs on the Catalyst 6000 to make sure that the traffic coming in the 1st por...
According to the TAC, it seems to be bug CSCef42396. And, the workaround is to reboot the device. http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=+CSCef42396&Submit=Search I reset the module and it came back fine. Just hope that it won't hap...
I am trying to convert these two snort signatures into cisco ids sigs. Since this is my first time using the custom signature function, can someone help me out here, especially the regular expression part? Snort Sig 1. alert tcp any any -> any any (msg...