Hello all, I was just curious if anyone else has had many false positives with 3 signatures in particular: TCP Hijack (3250.0 - High), TCP Hijack Simplex Mode (3251.0 - High), and TCP Segment Overwrite (1300.0 - High). The reason I think they are fals...
Hello all, I was wondering if anyone had any good MARS tutorials or reference materials? I can't seem to make this thing do anything useful, partly due to rather limited access to the program, but mainly due to my lack of knowledge of what it can pote...
Hello all, We recently added a bunch of IPS to our internal networks (we originally only had them on the perimeter). Since we implemented these IPS (running 5.x), we have seen a massive increase in the number of TCP SYN Host Sweeps. I looked a little f...
Hello, I'm currently interning at a company using many of Cisco's IPS/IDS. One of my primary responsibilities is researching signatures used by the various devices to get a better understanding of what signatures should be activated. I am having an extre...
I would have to second what you are feeling. Our current implementation makes the device virtually useless. As it stands now, it merely logs the IPS alerts and tries to determine false positives. Even then, I think it's questionable how efficiently th...
I think I will take your advice and try to bump it up to 50 or even 100. Thanks to everyone for the advice! (Hopefully I won't have to dredge up this topic again!) - Ryan
I was wondering if you could tell me how you tuned your signature? I agree that it seems like a very useful signature if it is tuned properly. If you don't mind, would you explain what changes you made, and what SEM you used? We have VMS, and we have ...