Are there any additional sources of information for creating custom signatures for IPS? I am working with a SSM-10 module in an ASA. The product docs are great for install and basic tuning but I need a bit more for signatures/actions.
We are trying to stop dictionary attacks being thown at one of our servers and would like to shut down access to a source address after a few failed tries.
What kind of application is this? If its using active directory logon then there is a built-in signature that you can clone and modify as necessary. Other protocols also have authentication signatures AFAIK. If its not already there you need to use the link provided by htarra to create a signature yourself. If the protocol is clear-text you can just do a regular string signature to look for the auth. failure string/OP code.
It is RADIUS authentication using IAS. The client has numerous services/devices that are exposed and use this type of authentication. Someone is throwing dictionary attacks against them all the time. I had hoped to be able to shut this down based on source IP after about three failed attempts.
Do you know if there are any existing signatures that could be modified to accomplish this?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :