cid:context/cid:fromAttacker field

Unanswered Question
Aug 19th, 2010

Hello Folks,

I wanted to know, what do the fields

cid:context/cid:fromAttacker
cid:context/cid:fromTarget

mean in the logs for Cisco IDS/Cisco IPS.

The values I have are:

<cid:fromTarget>iFt+TjtbtqMWmdG8zjgFP22OfbGZfGvt/gT0sDx7EqxVLPYL8cCr++RM+hJY oLIXKaw1RLT2pCQht2nYXRFTezxKFIDVeDfeWxJnyuHodjHVb2eJsf6Hh2gq 2iGA+VwYkzyMVkBUkiQr94aI3u0gLOWdlhnkINswbg9rsFOrBxYOV1hqX8s/ XavvwLX+s7EyGhZleQ32NihXsmZgJjnejXvieK3sK2N7RmbHXuFXfQcyl5ZR NxM8yT/fA78QCTYH/r5XiKLJslm5qDH43zRftDCsUUawJ0g4BmNVW/cjmpVm L1XO1x3sw92BwmmHOfmenKw8olSpbnur9d8q47JBiA==</cid:fromTarget>

<cid:fromAttacker>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAXgABDAAXD/zv/IEAAMsIAEUABOlIWQAAPwY6d8dEURtK P5GgzbUAUCfcE7L/AoqNgBj//9DBAAABAQgK7wDcqwH8g5lNZmNJU0FQSUNv bW1hbmQ9dXBkYXRlJnBhcmFtPSU2OCUwMyUwMSUwMA==</cid:fromAttacker>

</cid:context>

Scott Fringer Mon, 08/23/2010 - 08:14

This represents context data captured by the sensor in response to a specific signature event. This data is usually data that was collected just prior to, and immediately after, the signature alert was triggered.

The fromAttacker and fromTarget indicate from which device the context data was collected.

Scott

praprama Mon, 08/23/2010 - 08:21

This is basically a dump of the data in the packet that caused the signature to trigger.

Such context data is produced by default for certain signatures whenever they are triggered.

Regards,


Prapanch
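
An added example, not part of either reply and not Cisco code: the values in the question are base64 text (the long run of "A" characters at the start of the fromAttacker value encodes zero bytes), so decoding them lets an analyst read the captured bytes the replies describe. The sample alert fragment, the byte strings in it and all function names below are constructed for illustration.

```python
import base64
import re

# Matches the two context elements named in the question.
CONTEXT_RE = re.compile(r"<cid:(fromAttacker|fromTarget)>(.*?)</cid:\1>", re.DOTALL)

def decode_context(b64_text):
    """Decode one element body; the log wraps the base64 with spaces/newlines."""
    return base64.b64decode("".join(b64_text.split()), validate=True)

def extract_contexts(alert_xml):
    """Return {element name: decoded bytes} for each context element present."""
    return {name: decode_context(body) for name, body in CONTEXT_RE.findall(alert_xml)}

def printable_runs(buf, min_len=6):
    """ASCII strings of at least min_len characters, similar to strings(1)."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, buf)]

def hexdump(buf, width=16):
    """Offset / hex / ASCII view for reading headers and binary payload bytes."""
    rows = []
    for off in range(0, len(buf), width):
        chunk = buf[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(rows)

def wrap60(raw):
    """Sample helper only: base64-encode and wrap at 60 columns like the log."""
    b64 = base64.b64encode(raw).decode("ascii")
    return "\n".join(b64[i:i + 60] for i in range(0, len(b64), 60))

# Constructed sample (not from a real sensor): zero fill, then captured bytes.
RAW_ATTACKER = b"\x00" * 64 + b"\x01\x02\xfe\xff" + b"GET /index.html HTTP/1.0\r\n\r\n"
RAW_TARGET = b"HTTP/1.0 200 OK\r\n\r\n"
SAMPLE_ALERT = (
    "<cid:context>\n"
    f"<cid:fromTarget>{wrap60(RAW_TARGET)}</cid:fromTarget>\n"
    f"<cid:fromAttacker>{wrap60(RAW_ATTACKER)}</cid:fromAttacker>\n"
    "</cid:context>"
)

if __name__ == "__main__":
    for side, data in extract_contexts(SAMPLE_ALERT).items():
        print(f"== {side}: {len(data)} bytes, strings: {printable_runs(data)}")
        # Skip the leading zero fill so the dump starts at the captured bytes.
        print(hexdump(data.lstrip(b"\x00")))
```
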
