Hi ,
What will happen if license will expire on ASA5545-IPS
Will it stop running? Will it stop filtering even with current signature sets?
or will it only stop getting new signatures?
Regards,
Jhun
Please evaluate if the signature (6322) Microsoft Windows Information Disclosure Signature is OK as it seems I am receiving lots of false positives alert.
Hi,I am receiving alerts related to Cryptowall signature which was newly release. The detection are from Internal source.I am wondering if this is also the same with BASH vulnerability signature which was revised due to false positives detection.
Hi , Using ASA-5545 IPS and using IME to manage the IPS.What is the best way and procedure to block and IP / IP range?Also, how can we whitelist an IP? Regards,Jhun
Hi, Question 1:From which signature in reconnaissance can detect scanning such as nmap or qualys.?I performed scan but none is detected. I think it is not just enabled. Question 2:I may allow scanning from time to time but with source address defined...
I have also experiencing this kind of problem.We already patched the internal attacker IP and the events are still appearing.Victim IPs are mostly to Amazon.
Thanks for the reply.I will try your recommendation.BTW, i tried to block an attacker IP from the Event Monitoring of IME.1. Stop Attacker -> Using Inline Deny . It led me to time-based actions.2. Then I enter the information . But after a few minute...
Thanks Mike for the response.But if the command is not present in the config, will that mean that it is not enabled?e.g if "no service finger" is not in the config file, the finger service is not enabled.
Thank you for your input. This answer my first query. How about my second query.?b) How to check if the IPS is analysing bidirectional traffic ( incoming and outgoing)?