sa520 ips signatures -- definitions?

Linksys, Netgear, sonicwall, ect. Webbase configurations for firewalls. Web filting traffic shaping.
Guest

sa520 ips signatures -- definitions?

Post by Guest » Thu May 28, 2009 12:16 am

  could anyone shed some light on what the signature discription available below are a subset are specifically - what does each check? is there a decoder ring somewhere? Signature IDSignature DescriptionDisabledDetect OnlyDetect and Prevent      1000076      SBIPS2009-000076      1000085      SBIPS2009-000085      1000086      SBIPS2009-000086      1000087      SBIPS2009-000087      1000120      SBIPS2009-000120      1000232      SBIPS2009-000232      1000233      SBIPS2009-000233      1000235      SBIPS2009-000235      1000236      SBIPS2009-000236      1000237      SBIPS2009-000237

Guest

Re:sa520 ips signatures -- definitions?

Post by Guest » Thu May 28, 2009 1:03 am

I will take a swipe at this since their bascially a light version of other Cisco IPS signatures. Personally I take the easy Google search route, but you may be able to obtain an RSS feed to provide direct links. Example: Google SBIPS2009-000076 Returns: http://tools.cisco.com/security/center/ ... rtId=18181 As for the breakdown of the gory technical details, it will vary with each signature. I do know many agencies will allow the signatures to be on by default, but its all up to you. Troubleshooting a BAD IPS signature can be difficult, but I wouldn worry since a huge amount of testing goes into them. Basically they are SNORT signatures... Shhh, Cisco does not want you to look under the open source hood and build your own firewall.  Does that help?

Guest

Re:sa520 ips signatures -- definitions?

Post by Guest » Thu May 28, 2009 1:36 am

Hi, You can use the link below to check the Small Business IPS signature defnitions: http://tools.cisco.com/security/center/ ... 010-000215 Just replace the signature ID with the one you are insterested.  Regards,Wei

Post Reply