Has anybody tested the Poison Ivy RAT against the Cisco IDS/IPS? I have an XP workstation inside a network that is currently connected to a Poison Ivy server listening on the default port 3460. Doing nothing fancy...no special traffic hiding, didn't even change the default port. The IDS doesn't care. I did a search through the site and I don't find any signatures related to Poison Ivy. Can it be true that the Cisco IDS doesn't detect this?
The Cisco TAC engineer verified that traffic is being captured and that there is no matching signature.
Unfortunately, Poison Ivy encrypts its C&C traffic, so the IPS has no visibility into its traffic. If you can supply a pcap of any unique Poison Ivy traffic you are seeing, we can investigate the possibility of a signature.