About ntrngrusr

ntrngrusr · 03-30-2006

Is there a signature to cover this one already because if there is my sensors are not seeing it. I tested against my lab sensors. The exploit was successful and the sensors did not fire an alert. I ran tcpdump to make sure they were actually seein...

ntrngrusr · 01-27-2006

Any idea why generating a simple configuration for a single sensor takes more than 1 full minute? The whole process to make a sensor config change is slow at best yet the server is showing 1.2 GB free mem, procs are running very low, yet this proces...

ntrngrusr · 07-23-2003

This may have been covered already but I haven't seen it. Is there a version of IDSMC available for SUN? I'm using Unix Director now but need to move to IDSMC to take advantage of version 4.0. Since I only see a Windows version for CiscoWorks 2000...

ntrngrusr · 08-10-2006

I had the same problems with a couple of my sensors. I created a TAC case but I could tell they didn't know what was causing it. So, I opted to reimage my sensors to version 4.1 S47 and start over from scratch. I hated to do it but I tried everyth...

ntrngrusr · 03-30-2006

Yes, 4000+ a day. I will submit code tomorrow so Cisco can analyze it a bit better. Maybe we have a weird setup but I really don't think so. If these are positive then I have other issues to deal with. As soon as the sig was sent to the sensors i...

ntrngrusr · 03-30-2006

Yes, that is exactly what I am saying. I used Metasploit for the testing. I could not get any signature to fire. Nor did my bloodhound definitions fire for Symantec AV and the exploit was successful. I did a reverse shell and it worked perfectly....

ntrngrusr · 03-30-2006

I am also seeing thousands of false positive alerts daily. (4000) They are all triggered by valid traffic. I enabled packet capture to make sure but apparently those packets are exceeding the 2000 threshold. I have tuned the signature to Medium fo...

ntrngrusr · 02-06-2006

I have that exact config actually. One server running IDS MC and the other running Sec Mon. Still it is a very slow beast. I really see Java as the main killer here, at least the way it is coded. It still works, it is just very slow which is not g...

Member Since	‎07-23-2003 12:24 PM
Date Last Visited	‎08-18-2017 03:50 AM
Posts	9

User Statistics

User Activity

Microsoft Internet Explorer mshtml.dll createTextRange()

VMS 2.3 on Solaris - Slow config generation - Java Issues?

IDS MC VMS for SUN

Re: Error Upgrading IDS 4.1 to IPS 5.0

Re: False Positives with S222's 5737 Signature

Re: Microsoft Internet Explorer mshtml.dll createTextRange()

Re: False Positives with S222's 5737 Signature

Re: VMS 2.3 on Solaris - Slow config generation - Java Issues?