Cisco IDS-4230 - TCP Reset Problem

From: Zahid Hassan (zhassan@gmx.net)
Date: Mon Jan 03 2005 - 13:42:41 GMT-3

• Next message: Bobby: "OOT: Prevent UDP Port Attack"
• Previous message: Jay Hennigan: "Re: OT: Pins 3 & 6 seperated"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Dear All,

I am testing a custom signature on Cisco a 4230 running Version 4.1(4)S91.
I am seeing alerts on the IEV but not getting any connection resets.

Signature config output:

IDS-1# sh configuration | include SIGID 20000
signatures SIGID 20000 SubSig 0
IDS-1# sh configuration | begin SIGID 20000
signatures SIGID 20000 SubSig 0
AlarmSeverity high
AlarmThrottle FireAll
EventAction log|reset
RegexString
testattack
ServicePorts 23

Debug IP Packet Detail on the routers are also not showing
any RST flags being sent from the IDS sniffing interface.

Any pointers or comments would be highly appreciated.

Regards,

Zahid

• Next message: Bobby: "OOT: Prevent UDP Port Attack"
• Previous message: Jay Hennigan: "Re: OT: Pins 3 & 6 seperated"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:18 GMT-3