Cisco Support Community

New Member

I would like to catch new virus traffic on Cisco IDS infrastructure (Swisyn.v & sality)

Hi,

Has Cisco published any signature for the new virus attacks Swisyn.v & sality? We wanted to catch this virus traffic in our network on IDS. Does anybody know whether Cisco can support these new attacks? I would appreciate it if anybody could let me know how it can be captured on IDS if there is no signature available from Cisco. A fast response would be highly appreciated. Thanks

Regards,

Lucky.

Cisco Employee

Re: I would like to catch new virus traffic on Cisco IDS infrast

There are two good places to keep up with potential signatures for specific threats:

Cisco's IntelliShield site:

http://www.cisco.com/security

  This site provides insight into active security threats as well as research regarding IPS signatures.

Cisco's IPS Threat Defense Bulletin:

http://www.cisco.com/offer/newsletter/123668_4/ [subscription link]

  This email bulletin is released with each new signature update and includes the changes present in the signature update, as well as news regarding updates to IPS software.

  At this time, I am not aware of a signature to detect either Swisyn.v or sality.

Scott

New Member

Re: I would like to catch new virus traffic on Cisco IDS infrast

Hi Scott,

Thanks for your reply. I have registered for the Cisco IPS Threat Defense Bulletin, and for our IDS & CS-MARS we ensure and maintain our infrastructure updated at all times.

I just wanted to know, if there is no signature available, how can we catch these malicious attacks or new virus attacks in our network? Thanks in advance for your earliest response.

Regards,

Lucky

Cisco Employee

Re: I would like to catch new virus traffic on Cisco IDS infrast

Lucky;

If there is a specific fingerprint for the traffic generated by either exploit, you could create a custom signature to provide detection. You can find out more on defining signatures here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_definitions.html

As well as using the signature wizard here:

http://www.cisco.com/en/US/docs/security/ips/7.0/configuration/guide/idm/idm_signature_wizard.html

Scott
