About roxanne.tsui

roxanne.tsui · 01-25-2006

Hi, do we have a signature for the blackworm, or instructions for creating a custom signature to detect it. (http://isc.sans.org/blackworm) Thanks.

roxanne.tsui · 03-10-2005

Hi, is there a command in IDS V4 which would show the serial number of the sensor, similiar to the show idprom for switches? Thanks.

roxanne.tsui · 03-10-2005

In IPS V5 Inline Mode, should the second interface (where a packet comes out) of a paired interface be configured as a span port or a regular port? Where can I find more info about this? Thanks.

roxanne.tsui · 01-27-2005

I used the idsDbCompact utility to compact the SecMon database which took a few hours. After the compaction, I cannot find in the database any alerts generated by the sensors during the compaction period. Is there a way to recover/retrieve those al...

roxanne.tsui · 12-21-2004

We noticed that some of the events triggered by signature 4003 (Nmap UDP Port Sweep) look like responses from external DNS servers. The signature description also mentioned about this scenario. We wish to understand why the signature cannot track c...

roxanne.tsui · 05-20-2006

Does this procedure supports the V5.03 version as well? We are trying out the product; and need to do some diagnostics. Don't seem to get the prompt to select the image for single user login. Hope you can help.Thanks.

roxanne.tsui · 01-29-2006

Please advise how to create a signature (service.http engine?) that would trigger if it finds regex pattern A in an HTTP request which does not contain the pattern B?Thanks.

roxanne.tsui · 03-09-2005

I am also interested in understanding the high availability options. I found the following in the IPS V5 datasheet:Auto and manual sensor bypass configuration-High availability can be achieved through numerous mechanisms for Cisco IPS sensors. Resil...

roxanne.tsui · 01-28-2005

Thanks Faris. I performed the DB compact as described in the doc. The SecMon is functioning properly after the compact. I understand that the SecMon cannot poll alerts from the sensors during the compaction. I had expected it to resume alerts subs...

roxanne.tsui · 12-29-2004

We are using IDS-42xx sensors. We have referenced the NSDB, and have followed some of the recommendations for benign triggers. The case we raised is responses from external DNS servers.We know that PIX logs outgoing DNS requests in translation tables...

Member Since	‎12-03-2003 07:52 AM
Date Last Visited	‎08-18-2017 03:51 AM
Posts	14

User Statistics

User Activity

signature for blackworm

command to show sensor serial number

IPS Inline Mode span configuration

Alerts not stored in SecMon during database compaction period

UDP Port Sweep

Re: I have a serious problem for Anomaly Detector XT 5600

Re: signature for blackworm

Re: HA for Cisco IDS/IPS 42xx appliances

Re: Alerts not stored in SecMon during database compaction perio

Re: UDP Port Sweep