About nicksmi

nicksmi · 10-12-2011

Due to a bug in IPS software versions prior to 7.0.6, it is not advised to apply signature updates past S601 without having upgraded to 7.0.6 first. This issue is being tracked as CSCtn23051. If a customer has applied S601 without problems, there ...

nicksmi · 02-19-2014

I will forward your question to the team that maintains normalizer signatures.

nicksmi · 11-02-2012

We could create a signature to detect this type of activity. The only problem is that one person's brute force is another's average day, in terms of network traffic. Any such signature would have to be highly tuned for the enviornment it is deploye...

nicksmi · 07-20-2012

Probably not. The signature is informational and the following is from the benign triggers section:"The default alarm level for this is low because this happens during normal network activity within a Windows network. As an example, when mounting t...

nicksmi · 12-30-2011

We release an update at least once a week. We release more often for critical issues and as signatures (or retirements) are available. It would be best to check for updates every day, just in case.

nicksmi · 10-17-2011

From a colleague,The only way to prevent these two sigs (1204 and 1208) from firing is to retire them and then reset the sensor. Disabling them will only stop alerting, and they will continue to deny packets (this is part of the normalizer’s design)...

Member Since	‎07-11-2006 12:18 PM
Date Last Visited	‎02-24-2021 12:17 AM
Posts	24
Total Helpful Votes Received	14

User Statistics

User Activity

Signature Update S601 Pulled From Cisco.com

Signature 1306 - promiscuous mode

IPS signature to block brute force attempt

IPS Signature 5575- IDSM2

How often does Cisco release signature updates?

deactivated signatures still causing drops