I'm getting a lot of 5474/0 alarms (SQL query in HTTP request) due to people surfing to Yahoo. Is there a good way to set a filter on the IDS so the alarm is not generated from certain sites?
I have a 4255 with no working Admin password. However, I do have a working service account password. Is there a way to log in to the service account and issue commands to either unlock or reset the admin password?
Are there any known issues with the 4507/x signatures working with SNMPv3 traffic? I'm getting a lot of 4507/6 alarms related to a new server which is using SNMPv3 to talk to various devices. I haven't found anything documented, but I'm speculating t...
The description of this signature says "This signature fires upon detecting out of old ack packets." That doesn't even make sense. Is that a typo or something? What is it about Ack packets that causes this signature to trigger an alert?
Hello, I see from the IME documentation there are 4 MIBs which can be used to monitor the IPS. (They are: CISCO-CIDS-MIB, CISCO-PROCESS-MIB, CISCO-ENHANCED-MEMPOOL-MIB, CISCO-ENTITY-ALARM-MIB) I would like to find out whether it's possible to use thes...
I should have also mentioned that the Yahoo traffic does contain SQL language which is causing the alarm to trigger. I would like to filter out sites such as Yahoo, but still let the alarm trigger on other sites. If I were to use an event action filt...
It just means the signature description is not contained in the application you're using to reach the IPS. You should be able to look up the signature from Cisco.com: http://tools.cisco.com/security/center/ipshome.x http://tools.cisco.com/security/cent...
Try using Atomic IP engine, for any packet using TCP/23 drop the packet. There are also some signatures which detect Telnet over non-standard ports which you might consider turning on.