09-17-2003 11:22 PM - edited 03-09-2019 04:50 AM
A specific host allways attack to our network.This host is using DNS Server.We don't want this to be detected as an attack.How to add a filter to this signiture?
signiture id 4003 "Nmap UDP Port Sweep"
09-18-2003 05:37 AM
Heres one way:
log into your sensor via ssh
sensor#conf t
sensor#service alarm-channel-configuration virtualAlarm
sensor#tune-alarm-channel
sensor#EventFilter
sensor#Filters DestAddrs
sensor#exit
sensor#exit
save changes when prompted.
09-18-2003 08:41 PM
thank you very much.
09-18-2003 05:59 AM
are you using a network IDS sensor. Like a Cisco-K9-4235? If so I can detail the very simple process to filter "out" the source from detection from the signature 4003
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: