Have you enabled the virtual sensor (vs0) on the IPS?If you IDM into the IPS, you can check the following:Configuration --> Policies --> IPS Policies --> edit "vs0" --> tick "Assigned" for gig3/3 --> OK --> click "Apply"I noticed that as soon as th...
Hi Faiz,It sounds like you may have been able to isolate the issue.For future reference, if you would like to keep this signature (1330-14 in this case) enabled on the IPS for all of your other hosts but want it tuned to not alert on the particular p...
The Threat Defense Bulletins can be found here. http://tools.cisco.com/security/center/bulletin.x?i=57To subscribe to either the HTML or text version of the list:To subscribe to the HTML version of the mailing list: Send an e-mail message to ips-bull...
Hello Archit, There's a very good document on writing custom signatures for the Cisco IPS here:http://www.cisco.com/web/about/security/intelligence/ips_custom_sigs.htmlHope that helps!
blackswans, you may also be able to use: Signature 6250-0 - FTP Authorization Failure"Triggers when a user has failed to authenticate three times in a row, while trying to establish an FTP session.This may be indicative of a brute force password gues...
