IPS signatures

Unanswered Question
Oct 30th, 2007

According to the Cisco doc, the signatures can be classified as exploit, connection and string-based.

Are the exploit signatures based on known vulnerabilities or exploit patterns, or both?

After tuning alerts on the relevant contexts, would manually matching the patterns in payload and signature provide more confidence with positives?

mhellman Wed, 10/31/2007 - 06:23

To which Cisco doc are you referring? Those classifications seem a bit nonsensical. It is not uncommon to see discussions around signatures that detect a specific exploit versus the vulnerability. In either case, though, with signature-based technology you are using patterns. Some are designed to detect a specific exploit of a vulnerability while others might detect any exploit of a vulnerability.
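
The distinction drawn in the reply above, between a signature for one specific exploit and a signature for the vulnerability itself, shown as an added example that is not part of the original thread. The line protocol, the 64-byte limit, both patterns and the sample payloads are constructed for illustration and are not Cisco signatures.

```python
import re

# Hypothetical line protocol, constructed for this example: "USER <name>\r\n".
# Assumed flaw: the server copies <name> into a 64-byte buffer unchecked.
MAX_NAME = 64

# Exploit-specific signature: a byte pattern taken from one known exploit
# (constructed here: a run of 'A' filler followed by a fixed 4-byte marker).
EXPLOIT_SIG = re.compile(rb"USER A{64,}\xde\xad\xbe\xef")

# Vulnerability signature: describes the condition that triggers the flaw,
# i.e. any USER argument longer than the buffer, whatever bytes it holds.
VULN_SIG = re.compile(rb"^USER ([^\r\n]*)", re.MULTILINE)


def match_exploit(payload: bytes):
    """Return (offset, matched bytes) for the exploit pattern, or None."""
    m = EXPLOIT_SIG.search(payload)
    return (m.start(), m.group(0)) if m else None


def match_vulnerability(payload: bytes):
    """Return (offset, name length) for an over-long USER argument, or None."""
    for m in VULN_SIG.finditer(payload):
        if len(m.group(1)) > MAX_NAME:
            return (m.start(), len(m.group(1)))
    return None


def classify(payload: bytes):
    """Report which of the two signatures fires on a payload."""
    return {"exploit_sig": match_exploit(payload) is not None,
            "vuln_sig": match_vulnerability(payload) is not None}


# Constructed sample payloads.
SAMPLES = {
    "benign": b"USER alice\r\n",
    "known_exploit": b"USER " + b"A" * 80 + b"\xde\xad\xbe\xef\r\n",
    "variant": b"USER " + b"Zq" * 50 + b"\r\n",  # same flaw, different bytes
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        # The offset and length let an analyst compare the alert with the capture.
        print(name, classify(data), match_vulnerability(data))
```

The offsets returned by the two match functions are what an analyst would line up against the captured payload when checking an alert by hand.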

