Is there a way to write a custom signature that looks for an IP address making rapid connection attempts to an IPSec termination device trying to brute force a pre-shared key? Would this be something the Anomaly Detection engine would detect?
Luis, try disabling all of the TCP Drop (1330) signatures on the IPS. These signatures look at the packet headers and drop all packets that do not meet RFC specifications. 1330-0: TCP packet has bad checksum. This signature will not produce an alert in...