[nsp] Cisco IOS IDS Signature
atticus at satanic.org
atticus at satanic.org
Thu Apr 15 02:03:23 EDT 2004
> I'm trying to identify the IOS IDS signature that would prevent a web surfer
> from accessing SSL sites, for example, their banking site.
If you're suspect of it, the alert logs should make it clear. Is there a
reason you suspect this in particular?
Personally, I'd recommend just shutting down IOS IDS -- its a fine idea,
but until signature updates are modularized (ie. NBAR PDLM's) and
available alongside NetRanger updates, its pretty worthless. (Hint:
PSIRT has had good docs and recommendations on Nachi for some time, but
can IOS IDS recognize it even it 12.3(7)?)
More information about the cisco-nsp
mailing list