
IPS signatures

mai2mai2m
Level 1

According to the Cisco doc, the signatures can be classified as exploit, connection and string-based.

Are the exploit signatures based on known vulnerabilities or exploit pattern, or both?

After tuning alerts on the relevant contexts, would manually matching the patterns in payload and signature provide more confidence with positives?

2 Replies

mhellman
Level 7

To which Cisco doc are you referring? Those classifications seem a bit nonsensical. It is not uncommon to see discussions around signatures that detect a specific exploit versus the vulnerability. In either case though, with signature based technology you are using patterns. Some are designed to detect a specific exploit of a vulnerability while others might detect any exploit of a vulnerability.
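
The exploit-versus-vulnerability distinction drawn in the reply above, as an added example that is not part of the original thread and not Cisco signature code. The protocol, the 64-byte buffer, the byte pattern and all sample payloads are constructed assumptions.

```python
import re
import struct

# Hypothetical protocol (assumption): b"CMD " + 2-byte big-endian length + data.
# Assumed flaw: the server copies data into a 64-byte buffer with no bounds check.
BUF_SIZE = 64

# Exploit-specific pattern: the "A" filler used by one known exploit (constructed).
EXPLOIT_SIG = re.compile(rb"CMD ..A{32,}", re.DOTALL)


def exploit_signature(payload: bytes):
    """Return (offset, matched bytes) if the known exploit's byte pattern is present."""
    m = EXPLOIT_SIG.search(payload)
    return (m.start(), m.group(0)) if m else None


def vulnerability_signature(payload: bytes):
    """Return (offset, declared length) if the length field exceeds the buffer."""
    idx = payload.find(b"CMD ")
    if idx < 0 or len(payload) < idx + 6:
        return None
    (declared,) = struct.unpack_from(">H", payload, idx + 4)
    return (idx + 4, declared) if declared > BUF_SIZE else None


def build(data: bytes) -> bytes:
    """Construct a sample message for the hypothetical protocol."""
    return b"CMD " + struct.pack(">H", len(data)) + data


# Constructed sample payloads, not captured traffic.
SAMPLES = {
    "benign_short": build(b"status"),
    "benign_40_As": build(b"A" * 40),                # fits the buffer
    "known_exploit": build(b"A" * 200),              # overflow, known filler
    "variant_exploit": build(bytes(range(1, 201))),  # overflow, different filler
}


def triage(payload: bytes) -> dict:
    """Report which of the two signature styles fires on a payload."""
    return {"exploit_sig": exploit_signature(payload) is not None,
            "vuln_sig": vulnerability_signature(payload) is not None}


if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:16} {triage(payload)}")
```

The 40-byte run of `A` fires the exploit pattern although it fits the buffer, and the variant filler passes it unnoticed; the length check classifies both correctly.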

yytdlvlei
Level 1

1103
