IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Cisco IDS Signature details

From: Jean-Pierre Denis <webglobe () gmail com>
Date: Sun, 24 Jul 2005 21:32:35 -0400
Hi everyone,

does someone know where I can find a full text listing of all the
signature used on CISCO
IDS?  What i am looking for is the regular expression of the string
pattern that a signature
is trying  to find in the packet In order to validate the signature
effectiveness.

I can find this information in the IDS DM under
  Configuration > Sensing Engine > Virtual Sensor Configuration >
Signature Configuration Mode. by putting my mouse over the arrow in
the " more " section.

For example, If I look at signature ID 5366 Shell ... I will see the
HeaderRegex Value in
the yellow box but the problem with this is that you cannot copy the
content of the yellow
box that is appearing in another document.

It would have been nice if this information was included in NSDB. NSDB
give you a detailed
information about the purpose of the signature without telling you
what it's really doing. I am
wondering why cisco did this ...

I've look on the cisco site but there is so many documents to look ...

I would be great If someone could point me in the good direction.

-- 

Thanks,
Jean-Pierre Denis

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: