Cisco Support Community

New Member

Eng2 Release for High Port Scan/Sweep - Is it in new Service Pack?

I have been using the Eng 2 release for my sensors to accurately detect high port scans - and I thank y'all for that release. Do I still need to install it after the new service pack?

Cisco Employee

Re: Eng2 Release for High Port Scan/Sweep - Is it in new Service

The 3.1(3)S31 Service Pack does not contain the changes for high port scans.

If you already have the eng2 release installed, here is what to do:

1) Before applying the Service Pack make a backup copy of the /usr/nr/bin/nr.packetd file. "cp nr.packetd nr.packetd.engbackup"

2) Before applying the Service Pack execute "nrvers" and make note of the build number and build date for nr.packetd (sensor=nr.packetd).

3) Apply the Service Pack

4) Execute "nrvers" and ensure that the nr.packetd build number and date did not change.

If no change was seen then you are good to go and still running the engineering version of nr.packetd. If the number did change you will need to manually revert back to the engineering version:

a) Log in as netrangr and execute nrstop

b) Login as root

c) Execute "ls -l /usr/nr/bin/nr.packetd" and look closely at the permissions, ownership, and group ownership.

d) Make a backup of nr.packetd: "cp nr.packetd nr.packetd.313S31backup"

e) Copy the engbackup onto packetd: "cp nr.packetd.engbackup nr.packetd"

f) Execute: "ls -l /usr/nr/bin/nr.packetd" and ensure that the permissions match from c above.

g) If they match then log in as netrangr and run nrstart.

If they don't match then use the following commands to set up the permissions as user root, then switch to netrangr and run nrstart:

chown root nr.packetd

chgrp netrangr nr.packetd

chmod 4750 nr.packetd
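
The backup, compare and restore sequence from the reply above, as an added example that is not part of the original post or Cisco's tooling. It runs on a constructed stand-in file, uses `cksum` as an assumed substitute for the `nrvers` build comparison, and the `.meta`, `.sum` and `.spbackup` names are hypothetical.

```shell
#!/bin/sh
# Added example. Paths are constructed stand-ins; on the sensor the file is
# /usr/nr/bin/nr.packetd. The .meta/.sum/.spbackup suffixes are hypothetical.

# "mode uid gid" from ls -ln: the fields compared in steps c and f.
file_meta() { ls -ln "$1" | awk '{print $1, $3, $4}'; }

# Checksum and size; an assumption standing in for the nrvers build check.
file_sum() { cksum < "$1"; }

# Steps 1-2: keep a backup and record metadata and checksum beside it.
snapshot() {
    cp -p "$1" "$1.engbackup" || return 1
    file_meta "$1" > "$1.meta"
    file_sum "$1" > "$1.sum"
}

# Step 4: succeeds (0) if the content no longer matches the snapshot.
changed() { [ "$(file_sum "$1")" != "$(cat "$1.sum")" ]; }

# Steps d-f: save the replaced file, copy the backup back, then compare.
# Returns 0 only if content and mode/owner/group match the snapshot.
restore() {
    cp "$1" "$1.spbackup" || return 1
    cp "$1.engbackup" "$1" || return 1
    changed "$1" && return 1
    [ "$(file_meta "$1")" = "$(cat "$1.meta")" ]
}

# Whole sequence on a constructed stand-in file in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    f="$d/nr.packetd"
    echo "engineering build" > "$f" && chmod 4750 "$f"
    snapshot "$f" || return 1
    # Constructed "service pack": new content arrives with a different mode.
    echo "service pack build" > "$d/new" && chmod 755 "$d/new" && mv "$d/new" "$f"
    changed "$f" || { rm -rf "$d"; return 2; }
    # cp kept the replaced file's mode, so restore reports a mismatch here;
    # on the sensor the chown/chgrp from the reply would also run as root.
    restore "$f" || chmod 4750 "$f"
    if ! changed "$f" && [ "$(file_meta "$f")" = "$(cat "$f.meta")" ]; then rc=0; else rc=1; fi
    rm -rf "$d"; return $rc
}
```

Calling `demo` returns 0 when the restored stand-in matches the recorded checksum and permissions.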
