Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
Twice in two weeks the Event Viewer has quit showing alerts. It takes restarting the services from CW to have events start showing up again. Looking through the logs on the server, I found one log file with errors at the corresponding times for whe...
Good morning, I have been asked by management to create a signature that will detect all traffic from a particular IP on our network. This is how I tried to set it up:String.tcp engineServicePorts: 1-65535 (Yes I realize this will cause a signifi...
I am trying to view the list of signatures that were disabled in the S61 upgrade. The bugid we are given is CSCec88388. I keep getting told that it doesn't find that id. Can someone verify if this is the correct ID or link directly to that bug ple...
Is anyone else having trouble getting into the Cisco FTP server? Once it reaches that point and prompts me for a username and password I get an error that Internet Explorer cannot open that site.I have tried ftping to the ftp.cisco server and can ge...
I updated my 4235 today with 3.1(4)S53 and S54 through VMS. I didn't watch VMS closely between updates so I'm not sure which update did it; I just verified on the sensor that S53 was installed and then pushed out S54. In VMS that sensor lost it...
Good grief! How quickly can y'all get a patch to fix this? VMS pushed out the S96 signature pack to our sensors and while VMS shows the correct config, the sensors turned on all alarms. Pushing out a configuration file from VMS to each sensor seem...
I am seeing this traffic as well. I am seeing about 150 attempts a day from the internet to our firewall. The signatures that I see fire are 1204-No Initial Frag and 1208-Incomplete Datagram, source and dest port 16191. This is seen by a 4235 runn...