Cisco Support Community

changes to sig 3010-0 with V6?

Can anyone tell me what changed with this sig in V6? Our old filter no longer works. It appears the normal source and destination IP addresses have been swapped, but that particular setting on the sig has not changed AFAICT (it was and is set to swap-attacker-victim). The source is the Internet and high ports, the destination is our DMZ and port 443. So, I think this is reply traffic. Conceptually, why would you swap the source/destination for a high port sweep anyway?
