[c-nsp] Cisco IDS-4230 - TCP Reset Problem - Zahid Hassan - net.nether.puck.cisco-nsp

1 message in net.nether.puck.cisco-nsp[c-nsp] Cisco IDS-4230 - TCP Reset Pr...

From	Sent On	Attachments
Zahid Hassan	Jan 3, 2005 11:49 am

	Permalink for this message Paste this link in email or IM:
	Permalink for this thread Paste this link in email or IM:
	Atom feed for this thread Paste this URL into your reader:

Subject:	[c-nsp] Cisco IDS-4230 - TCP Reset Problem	Actions...
From:	Zahid Hassan (zhas...@gmx.net)
Date:	Jan 3, 2005 11:49:06 am
List:	net.nether.puck.cisco-nsp

Dear All,

I am testing a custom signature on Cisco a 4230 running Version 4.1(4)S91. I am seeing alerts on the IEV but not getting any connection resets.

Signature config output:

IDS-1# sh configuration | include SIGID 20000 signatures SIGID 20000 SubSig 0 IDS-1# sh configuration | begin SIGID 20000 signatures SIGID 20000 SubSig 0 AlarmSeverity high AlarmThrottle FireAll EventAction log|reset RegexString testattack ServicePorts 23

Debug IP Packet Detail on the routers are also not showing any RST flags being sent from the IDS sniffing interface.

Any pointers or comments would be highly appreciated.

Regards,

Zahid

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets
	Permalink to these results Paste this link in email or IM:
	Atom feed for tracking future search results Paste this URL into your reader: