Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
481
Views
0
Helpful
2
Replies

Signature to compare data

Go to solution
avanzaadmin
Level 1
Level 1

‎06-15-2010 08:26 AM - edited ‎03-10-2019 05:01 AM

Hi folks

I got a question today that left we thinking and no answer.

Can I, on an IPS 7.x, create a rule that compares data in a HTTP flow?

Example: User send a login request in clear text but the server responds with a different account. A custom packet sniffer app would store the data, extract the login, store it as a variable and then compare it with the response. Easy, but can the IPS do that?

Regards

Fredrik

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee

‎06-15-2010 08:47 AM

Fredrik;

  No, the IPS is not designed to store values for later comparison - it only checks the data in the current flow.

Scott

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Scott Fringer
Cisco Employee
Cisco Employee

‎06-15-2010 08:47 AM

Fredrik;

  No, the IPS is not designed to store values for later comparison - it only checks the data in the current flow.

Scott

0 Helpful

Go to solution
avanzaadmin
Level 1
Level 1
In response to Scott Fringer

‎06-15-2010 10:15 PM

Plain and simple, as I suspected. Thank you.

Regards

Fredrik

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card