Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Does signature no 5351 work correctly???

Our IDS shun some regular web pages due the signature no 5351. Is this normal? Is there any risks to allow traffic containing this signature code?

1 REPLY
Silver

Re: Does signature no 5351 work correctly???

If indeed regular web pages are being wrongly shunned, you could fine tune your setup to exclude signature/s wrt a specific host or network address. The process is described at http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_tech_note09186a008009404e.shtml. However, you need to be careful while doing this. Purging could cause False negitives or the faliure to detect actual malicious activity. Another thing, I don't think that signature 5351 is supported by Cisco IOS. This is as per the 'Cisco IOS Intrusion Detection Systems Signature List' at http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_data_sheet09186a008014c532.html.

96
Views
0
Helpful
1
Replies
CreatePlease to create content