About mai2mai2m

mai2mai2m · 12-14-2007

If the conditions match two signatures, do they both get triggered or only the first one?Thanks

mai2mai2m · 10-30-2007

According to CISCO doc, the signatures can be classified as exploit, connection and string-based.Are the exploit signatures based on known vulnerabilities or exploit pattern, or both?After tuning alerts on the relevant contexts, would manually matchi...

mai2mai2m · 02-11-2008

Still firing on xxxx in our case. We are running IPS-4260 with the signature S291.0 of 2007-06-18. The smtp payload of the triggering packet starts with xxxx.Thanks,

mai2mai2m · 12-17-2007

Thanks Brad. Regarding the "both triggered", would there be any CISCO document I can refer to?

mai2mai2m · 12-17-2007

Thanks for your responding.Yes, looks like the CISCO wizard only allows to filter based on signature ID, ip, port, and risk. Is it poosible to filter on other fields in the header or payload?

mai2mai2m · 12-17-2007

In CISCO IPS, can we wrtie a 'pass' rule to ignore good traffic and prevent it from trigger other signatures that cannot be turned off?Thanks

Member Since	‎10-30-2007 02:37 PM
Date Last Visited	‎08-18-2017 03:56 AM
Posts	6

User Statistics

User Activity

signature triggering

ips signatures

Re: Non-SMTP Session Start Question

Re: signature triggering

Re: signature triggering

Re: signature triggering