I would like to catch new virus traffic on Cisco IDS infrastructure (Swisyn.v & sality)

Unanswered Question
Jul 21st, 2010

Hi,

Has Cisco published any signature for the new virus attacks Swisyn.v & Sality? We wanted to catch this virus traffic in our network on the IDS. Does anybody know whether Cisco can support these new attacks? I would appreciate it if anybody could let me know how it can be captured on the IDS if there is no signature available from Cisco. A fast response would be highly appreciated. Thanks

Regards,

Lucky.

Scott Fringer Wed, 07/21/2010 - 04:48

There are two good places to keep up with potential signatures for specific threats:

Cisco's IntelliShield site:

http://www.cisco.com/security

This site provides insight into active security threats as well as research regarding IPS signatures.

Cisco's IPS Threat Defense Bulletin:

http://www.cisco.com/offer/newsletter/123668_4/ [subscription link]

This email bulletin is released with each new signature update and includes the changes present in the signature update, as well as news regarding updates to IPS software.

At this time, I am not aware of a signature to detect either Swisyn.v or Sality.

Scott

lekchandmantri Wed, 07/21/2010 - 05:01

Hi Scott,

Thanks for your reply. I have registered for the Cisco IPS Threat Defense Bulletin, and we ensure that our IDS & CS-MARS infrastructure is kept updated at all times.

I just wanted to know: if there is no signature available, how can we catch these malicious attacks or new virus attacks in our network? Thanks in advance for your earliest response.

Regards,

Lucky

Scott Fringer Wed, 07/21/2010 - 05:18

Lucky;

If there is a specific fingerprint for the traffic generated by either exploit, you could create a custom signature to provide detection. You can find out more on defining signatures here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm...

As well as using the signature wizard here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm...

Scott
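As an added illustration of the custom-signature approach Scott describes (not from this thread and not taken from Cisco's documentation), this is the shape of a string-tcp custom signature entered from the sensor CLI rather than the IDM wizard. The signature number 60000/0, port 80 and the pattern are assumptions: the regex is a placeholder to be replaced with a string derived from a packet capture of the traffic you actually want to alert on, and the submode names and keywords are as I recall them from the IPS 7.0 CLI, so verify them against the configuration guide linked above; lines beginning with `!` are annotations, not commands.

```text
! Added example: custom string-tcp signature on a Cisco IPS 7.0 sensor.
! Assumed values: custom signature ID 60000 subsig 0, HTTP on port 80.
sensor# configure terminal
sensor(config)# service signature-definition sig0
sensor(config-sig)# signatures 60000 0
sensor(config-sig-sig)# sig-description
sensor(config-sig-sig-sig)# sig-name Custom-Swisyn-HTTP-fingerprint
sensor(config-sig-sig-sig)# sig-string-info Custom signature - validate against a capture before enabling in production
sensor(config-sig-sig-sig)# exit
sensor(config-sig-sig)# engine string-tcp
! PLACEHOLDER: this is not a real Swisyn or Sality indicator. Use a
! byte/string pattern specific enough to avoid matching normal HTTP.
sensor(config-sig-sig-str)# regex-string PLACEHOLDER-PATTERN-FROM-YOUR-PCAP
sensor(config-sig-sig-str)# service-ports 80
! Inspect client-to-server traffic only (assumed direction of the fingerprint).
sensor(config-sig-sig-str)# direction to-service
! Alert only; add deny actions later, once false positives are measured.
sensor(config-sig-sig-str)# event-action produce-alert
sensor(config-sig-sig-str)# exit
sensor(config-sig-sig)# status
sensor(config-sig-sig-sta)# enabled true
sensor(config-sig-sig-sta)# retired false
sensor(config-sig-sig-sta)# exit
sensor(config-sig-sig)# exit
sensor(config-sig)# exit
Apply Changes:?[yes]: yes
```

Replay the captured traffic at the sensor (or watch CS-MARS for the new signature ID) to confirm the alert fires before relying on it.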
