About jodr

jodr · 08-26-2005

We have problems in VMS 2.3 (IDSMC/SecMon 2.1) to run the 24 Hour Metrics Report. It seems to run, but returns following error on opening the report : Error loading report: null.

jodr · 01-12-2005

I'm experiencing troubles in adjusting parameters for this 'Long Http Request' signature (5322). We have a lot of legitimate http traffic with rather long http requests (> 1000 char). So I tried modifying all parameters that have something to do with...

jodr · 10-27-2004

Hi,We need to enable the 'capture packet' parameter on all attack signatures on an idsm-2 V4.1.4 and sensor 4210 V4.1.4. We use CiscoWorks VMS for configuring all sensors, but there seems to be no way to enable this parameter for a selection of signa...

jodr · 07-14-2004

We receive many alerts concerning signatures 3153 and 3154. These are all related to legitimate ftp traffic. I've studied the IP loggings, but I can't find the reason why it's triggering. One typical situation is of an FTP script that is accessing a ...

jodr · 06-11-2004

Hi,After updating the signatures to S96, all signatures had been activated on all sensors/blades. However in the CW VMS from where we lanched the update, all signature configurations were still OK. So somehow something went wrong locally on applying ...

jodr · 10-20-2006

We opened a ticket to have some explanation ; this is what we received :'It looks that these events are summarized events - so its normal that we see that target address is 0.0.0.0. It means that these alarms are not generated for one event but for m...

jodr · 10-26-2005

I've installed this sig update on a 4240 sensor and it went out of disk space causing the update process to hang and causing eventually the whole sensor application to crash during a reboot. This is the second time I'm experiencing this issue ; it di...

jodr · 10-18-2005

I'm in the same setup of using IPS V5 on the sensors managed by CiscoWorks VMS with IPS MC 2.1. I can confirm same kind of troubles with the interaction between both softwares. Here is what I have experienced sofar :- there is a difference in syntax ...

jodr · 09-21-2005

Upgrade done ! The two last cleanups did the trick ! I had read one of your first answers for cleaning up /usr/cids/idsRoot/var/updates/files/S69 and /usr/cids/idsRoot/var/updates/files/common, but this did not free up enough space. But by also clean...

jodr · 09-21-2005

This is the error when trying to install the 4.1.(5) upgrade to a 4240 sensor :Applying update IDS-K9-sp-4.1-5-S189. Shutting down all CIDS processes. All connections will be terminated. The system will be rebooted upon completion of the update.Err...

Member Since	‎09-09-2003 05:41 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	69
Total Helpful Votes Received	17

User Statistics

User Activity

24 Hour Metrics Report return null report

troubles configuring 'Long Http Request' signature (5322)

Packet capturing on ids

FTP Improper Port or Address false positives

Problems with IDS signature update S96

Re: Event whose target address is 0.0.0.0

Re: When will IDS-sig-4.1-5-S197 be available?

Re: IPSMC Unable to create "SigEvent action filters" with $

Re: IDS sig Updates (IDS-K9-sp-4.1-5-s189.rpm.pkg) Problem

Re: IDS sig Updates (IDS-K9-sp-4.1-5-s189.rpm.pkg) Problem