Does anyone have a signature that identifies infected Welchia.B machines? If you are using a built-in signature, can you please tell me which one you are using? Many thanks, Lance
You'll see the sudden increase in traffic to port event fire once an anomaly is detected. If you then look at the details of the event, you'll see output that looks something like this: Traffic anomaly to host x.x.x.x at port 80. Flow/Session count th...
You can get it to work with a banner; you just have to play with it a little. MARS attempts to log into the device by looking for particular characters, for example: login>. You can edit the characters it looks for before it passes the username. -Lance
If you have CiscoWorks or some other software that can export a seed file, you can then import that file into MARS. If you don't have an NMS app available, you can create the seed file in CSV and then import it. The fields needed are in the manual I beliv...