The question comes up every now and again - when do we (IPS signature team) disable or retire signatures.
Remember that there is a difference between disabled and retired. Essentially:
Disabled/enabled - turns the written alert off/on.
Retired/active - signature "does not"/"does" get compiled in memory.
As a rule of thumb, we will release signatures active and enabled.
We may release a signature disabled by default if the vulnerability is severe, but it is unlikely that the software is in wide-spread use.
We may disable a signature that in certain environments would fire excessively on benign traffic.
We will generally release policy signatures (for example, MSN traffic, AIM traffic, p2p, etc.) as disabled by default since they alert on legitimate and normally expected traffic for that application/protocol.
It is up to the organization to enable the alerts if they care too.
We will disable and retire signatures where the vulnerability is 18+ months old, is not a protocol vulnerability (tcp, udp, ip, http, etc.), and has had no active exploitation in the past 6 months.
There will always be exceptions, but this covers most scenarios.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...