IDS mailing list archives
Cisco IDS Signature details
From: Jean-Pierre Denis <webglobe () gmail com>
Date: Sun, 24 Jul 2005 21:32:35 -0400
Hi everyone, does someone know where I can find a full text listing of all the signature used on CISCO IDS? What i am looking for is the regular expression of the string pattern that a signature is trying to find in the packet In order to validate the signature effectiveness. I can find this information in the IDS DM under Configuration > Sensing Engine > Virtual Sensor Configuration > Signature Configuration Mode. by putting my mouse over the arrow in the " more " section. For example, If I look at signature ID 5366 Shell ... I will see the HeaderRegex Value in the yellow box but the problem with this is that you cannot copy the content of the yellow box that is appearing in another document. It would have been nice if this information was included in NSDB. NSDB give you a detailed information about the purpose of the signature without telling you what it's really doing. I am wondering why cisco did this ... I've look on the cisco site but there is so many documents to look ... I would be great If someone could point me in the good direction. -- Thanks, Jean-Pierre Denis ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Cisco IDS Signature details Jean-Pierre Denis (Jul 25)
- RE: Cisco IDS Signature details Alex Arndt (Jul 26)
- <Possible follow-ups>
- RE: Cisco IDS Signature details Pachulski, Keith (Jul 26)