The signature Apache Host Header Cross Site Scripting was released in the S37 update. In the readme and when implemented the default level is 5. If you read the definition in the NSDB it says: This signature triggers when an HTTP Host: header is recei...
I am having problems with the traffic I am seeing on my sniffing interface. I had the switch admin SPAN the traffic I wanted to the sniffing port but all I see is this: Using device /dev/spwr (promiscuous mode) ? -> * ETHER Type=8...
In the notes for the new S31 release it says that signature 3050 (Half-Open SYN) has been tuned, but it does not say in what way. Can someone give me some insight into this? Thanks.
Is it possible for CSIDS to log the entire packet when triggering an alarm? I know some context is put into the context field, but it is hard to use this to confirm an attack without a doubt. Having the whole packet would help. Thanks.
After installing the S23 update on a 4230 I notice that the SSH version note says "Cisco Intrusion Detection System modifications included". What modifications were actually made to SSH and why did they need to be made? Thanks.
How can I see normal traffic, not the dot1q traffic? I would rather not have to modify my sensor to see it but rather modify the switch to strip the VLAN headers or however it would accomplish it.
You should be able to copy the packetd.conf, SigSettings.conf and possibly the SigUser.conf (if you have done any signature tuning). That should move the settings from one sensor to another.
That gives some information but it does not talk about all the parameters, nor does it give much detail above what it gives already in nrConfigure. Does anyone have more detailed information or can someone tell me specifically how to tune the sig so ...