cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
507
Views
0
Helpful
1
Replies

signature id for tcp port 6070

raden.rusdiana
Level 1
Level 1

guys,

We've problem with signature IPS in our idsm2, my customer is Banking company,they want to develop

application banking based on ip, the application need to open and allowing port tcp 6070 and 7007

is there any signature ID that's inspect the traffics of application?

the condition idsm2 is bypassing the engine inspection.but it's not the clear solution coz it's make all

traffic is bypass without inspection.  

if the engine bypass is auto mode, no one event of ips can hit or show the signature engine,The IPS does not generate alerts, but the application

cannot established, it's always retransmitted if we tap using wireshark.

Need your respond ASAP.because my customer has develop this application in every branch.

Thanks.

Regards,

Rusdi

1 Reply 1

Jennifer Halim
Cisco Employee
Cisco Employee

It sounds that it matches the TCP engine and if the TCP banking application does not conform with the RFC standard, it could possibly be inspected by the IDSM2 TCP engine. You would need to check the TCP engine signatures in the IDSM2.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: