Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

The Signature "Net Flood" don't work.

Hi!

I want to tune IPS module (SSP) in ASA-5545-X for work with the signature 6920/0 (Net flood TCP), 6910/0 (Net Flood UDP) and 6901 (Net Flood ICMP ..).

 

My settings:

signatures 6901 0
status
enabled true
retired false
exit
exit
signatures 6902 0
status
enabled true
retired false
exit
exit
signatures 6903 0
status
enabled true
retired false
exit
exit
signatures 6910 0
status
enabled true
retired false
exit
exit
signatures 6920 0
engine flood-net
event-action produce-alert|produce-verbose-alert
exit
status
enabled true
retired false
exit

 

The parameter "rate" in signatures is default, but I don't see an alert. The alert must be sent every 30 second with "Rate" = 0.

 

Thanks!

Everyone's tags (1)
2 REPLIES
New Member

P.S. I use promiscuous mode

P.S. I use promiscuous mode and I sure my IPS to work, because a other signature are work correctly.

New Member

I had rebooted the module and

I had rebooted the module and signatures worked.

60
Views
0
Helpful
2
Replies
CreatePlease to create content