Is there a signature to cover this one already? Because if there is, my sensors are not seeing it. I tested against my lab sensors. The exploit was successful and the sensors did not fire an alert. I ran tcpdump to make sure they were actually seein...
Any idea why generating a simple configuration for a single sensor takes more than 1 full minute? The whole process to make a sensor config change is slow at best, yet the server is showing 1.2 GB free mem, procs are running very low, yet this proces...
This may have been covered already but I haven't seen it. Is there a version of IDSMC available for SUN? I'm using Unix Director now but need to move to IDSMC to take advantage of version 4.0. Since I only see a Windows version for CiscoWorks 2000...
I had the same problems with a couple of my sensors. I created a TAC case but I could tell they didn't know what was causing it. So, I opted to reimage my sensors to version 4.1 S47 and start over from scratch. I hated to do it but I tried everyth...
Yes, 4000+ a day. I will submit code tomorrow so Cisco can analyze it a bit better. Maybe we have a weird setup but I really don't think so. If these are positive then I have other issues to deal with. As soon as the sig was sent to the sensors i...
Yes, that is exactly what I am saying. I used Metasploit for the testing. I could not get any signature to fire. Nor did my Bloodhound definitions fire for Symantec AV, and the exploit was successful. I did a reverse shell and it worked perfectly....
I am also seeing thousands of false positive alerts daily. (4000) They are all triggered by valid traffic. I enabled packet capture to make sure but apparently those packets are exceeding the 2000 threshold. I have tuned the signature to Medium fo...
I have that exact config actually. One server running IDS MC and the other running Sec Mon. Still it is a very slow beast. I really see Java as the main killer here, at least the way it is coded. It still works, it is just very slow which is not g...