Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: CISCOs new IPS

from [Gary Halleen] Network Security [Permanent Link]
Subject: RE: CISCOs new IPS
Date: Tue, 1 Feb 2005 21:17:27 -0800 
Mike,

To look at the packet that triggered the attack, you have to enable the
TriggerPacket (also known as CapturePacket) flag on the signature.  Once
this is enabled, a pcap-format packet will be delivered to the monitoring
console with the alert.

Gary


 

-----Original Message-----
From: Mike Johnson [mailto:mike@enoch.org] 
Sent: Saturday, January 29, 2005 11:01 AM
To: ghalleen@cisco.com
Cc: focus-ids@securityfocus.com
Subject: Re: CISCOs new IPS

Gary Halleen (ghalleen) wrote:

Actually, that's not quite correct, Billy?

Cisco IPS 5.0 is just around the corner, and is a full-fledged 
appliance-based IPS product.  It will support various drop actions, as 
well as traffic normalization and antivirus/antiworm.


Can you explain this a little more?  We have a few 4240's in place now (not
inline, obviously), and we're looking forward to 5.0 (though getting more
and more annoyed at the slipping ship dates), so I'd love to go ahead and
get a head start on some of the new features.

And while I'm at it, am I totally missing a way to get a look at the actual
packets that trigger the alerts?

Mike

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: CISCOs new IPS, aruna
Next by Date:  RE: CISCOs new IPS, Gary Halleen
Previous by Thread:  RE: CISCOs new IPS, Gary Halleen
Next by Thread:  RE: CISCOs new IPS, Gary Halleen
Indexes:  [Date] [Thread] [Top] [All Lists]