
I would like to catch new virus traffic on Cisco IDS infrastructure (Swisyn.v & sality)

lekchandmantri
Level 1

Hi,

Has Cisco published any signature for the new virus attacks Swisyn.v & sality? We wanted to catch this virus traffic in our network on the IDS. Does anybody know whether Cisco can support these new attacks? I would appreciate it if anybody could let me know how it can be captured on the IDS if there is no signature available from Cisco. A fast response would be highly appreciated. Thanks

Regards,

Lucky.

3 Replies

Scott Fringer
Cisco Employee

There are two good places to keep up with potential signatures for specific threats:

Cisco's IntelliShield site:

http://www.cisco.com/security

  This site provides insight into active security threats as well as research regarding IPS signatures.

Cisco's IPS Threat Defense Bulletin:

http://www.cisco.com/offer/newsletter/123668_4/ [subscription link]

  This email bulletin is released with each new signature update and includes the changes present in the signature update, as well as news regarding updates to IPS software.

  At this time, I am not aware of a signature to detect either Swisyn.v or sality.

Scott

Hi Scott,

Thanks for your reply. I have registered for the Cisco IPS Threat Defense Bulletin, and for our IDS & CS-MARS we ensure and maintain that our infrastructure is updated at all times.

I just wanted to know, if there is no signature available, how we can catch these malicious attacks or new virus attacks in our network. Thanks in advance for your earliest response.

Regards,

Lucky

Lucky;

If there is a specific fingerprint for the traffic generated by either exploit, you could create a custom signature to provide detection. You can find out more on defining signatures here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html

As well as using the signature wizard here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_wizard.html

Scott
