07-21-2010 04:24 AM
Hi,
Has Cisco published any signature for the new virus attacks Swisyn.v & Sality? We wanted to catch this virus traffic in our network on IDS. Does anybody know whether Cisco can support these new attacks? I would appreciate it if anybody could let me know how it can be captured on IDS if there is no signature available from Cisco. A fast response would be highly appreciated. Thanks
Regards,
Lucky.
07-21-2010 04:48 AM
There are two good places to keep up with potential signatures for specific threats:
Cisco's IntelliShield site:
This site provides insight into active security threats as well as research regarding IPS signatures.
Cisco's IPS Threat Defense Bulletin:
http://www.cisco.com/offer/newsletter/123668_4/ [subscription link]
This email bulletin is released with each new signature update and includes the changes present in the signature update, as well as news regarding updates to IPS software.
At this time, I am not aware of a signature to detect either Swisyn.v or Sality.
Scott
07-21-2010 05:01 AM
Hi Scott,
Thanks for your reply. I have registered for the Cisco IPS Threat Defense Bulletin, and for our IDS & CS-MARS we ensure and maintain our infrastructure updated at all times.
I just wanted to know, if there is no signature available, how can we catch these malicious attacks or new virus attacks in our network? Thanks in advance for your earliest response.
Regards,
Lucky
07-21-2010 05:18 AM
Lucky;
If there is a specific fingerprint for the traffic generated by either exploit, you could create a custom signature to provide detection. You can find out more on defining signatures here:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html
As well as using the signature wizard here:
http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_wizard.html
Scott