Network Security Focus-IDS
RE: Cisco IDS Signature details

Subject: RE: Cisco IDS Signature details
Date: Mon, 25 Jul 2005 16:13:40 -0400
http://www.cisco.com/pcgi-bin/front.x/ipsalerts/ipsalertsHome.pl

-----Original Message-----
From: Jean-Pierre Denis [mailto:webglobe@gmail.com]
Sent: Sunday, July 24, 2005 9:33 PM
To: Focus-IDS
Subject: Cisco IDS Signature details


Hi everyone,

Does someone know where I can find a full text listing of all the
signatures used on CISCO IDS? What I am looking for is the regular
expression of the string pattern that a signature is trying to find in
the packet, in order to validate the signature effectiveness.

I can find this information in the IDS DM under
Configuration > Sensing Engine > Virtual Sensor Configuration >
Signature Configuration Mode, by putting my mouse over the arrow in
the "more" section.

For example, if I look at signature ID 5366 Shell ... I will see the
HeaderRegex value in the yellow box, but the problem with this is that
you cannot copy the content of the yellow box that is appearing in
another document.

It would have been nice if this information was included in NSDB. NSDB
gives you detailed information about the purpose of the signature
without telling you what it's really doing. I am wondering why Cisco
did this ...

I've looked on the Cisco site but there are so many documents to look ...

It would be great if someone could point me in the good direction.

-- 

Thanks,
Jean-Pierre Denis
