New Member

ips questions about

I need to block the netstat command through the IPS, so which custom sig option should I use? I mean a TCP or UDP or ICMP string. And if I use UDP, which service port should I select?

Accepted Solutions
Gold

Netstat is a local command issued on a PC, Server or Host to determine what ports are currently open or communicating.

It is not something you would find passing through an IPS sensor in your network.

- Bob

4 REPLIES
New Member

Hi Bob,

You're right, netstat is a command-line tool that displays network connections (incoming and outgoing), port numbers and ports (TCP/UDP), and it is available on Unix, Windows and Unix-like operating systems.

But it can be blocked through the IPS. If I am an IPS administrator and I don't want my users to use the netstat command, I can do that by making a custom signature in the IPS, and I will be selecting the UDP option while making the custom signature and specifying all the service port range. I was a bit confused, though, about which option to select (UDP or TCP or ICMP string) while making a custom signature, so I needed clarification on that.

New Member

Doesn't make sense to me... how will your users be connecting to the command line of those machines to issue the netstat command?

IPS can only work in the way you describe if they connect over an unencrypted connection, or if your encryption is certificate based and you are decrypting/re-encrypting/swapping certificates on the IPS unit.

New Member

You are misunderstanding the question. Let's assume I am the network admin and I don't want the users inside my network, i.e. behind the IPS, to successfully use the netstat command through the IPS. It works because this question exists in the certification exams...
