Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

How to add a filter to signiture?

A specific host allways attack to our network.This host is using DNS Server.We don't want this to be detected as an attack.How to add a filter to this signiture?

signiture id 4003 "Nmap UDP Port Sweep"

3 REPLIES
New Member

Re: How to add a filter to signiture?

Heres one way:

log into your sensor via ssh

sensor#conf t

sensor#service alarm-channel-configuration virtualAlarm

sensor#tune-alarm-channel

sensor#EventFilter

sensor#Filters DestAddrs Exception False SIGID 4003 SourceAddrs SubSig *

sensor#exit

sensor#exit

save changes when prompted.

New Member

Re: How to add a filter to signiture?

thank you very much.

New Member

Re: How to add a filter to signiture?

are you using a network IDS sensor. Like a Cisco-K9-4235? If so I can detail the very simple process to filter "out" the source from detection from the signature 4003

100
Views
5
Helpful
3
Replies