Solved: Re: IDS 3.1(4)S51 new signatures

rttsui · ‎09-05-2003

Hi, I have applied S51 signature update IDS-sig-3.1-4-S51.bin (automatically) with idsupdate/idsapply. The log shows that it is update successfully. The version also shows S51.

packetd.conf shows:

#

# Merge Done By IDSk9-sp-3.1-4-S50.bin

#

SigOfGeneral 5380 0 4 4 4 4 # phpBB SQL injection

SigOfGeneral 5381 0 4 4 4 4 # VPASP SQL injection

SigOfGeneral 5382 0 4 4 4 4 # Xpressions SQL Admin Bypass

SigOfGeneral 5385 0 4 4 4 4 # CiscoWorks User Priviledge Modification

SigOfGeneral 5386 0 5 5 5 5 # CiscoWorks Command Exec

#

# Merge Done By ids-postpatch

#

However I cannot find the new signatures 3125, 3125,5389 in the config files, or using the unix IDS director GUI. I did find it using .SigWizMenu. Any idea why? Just want to confirm that the new signatures are active, and can be tunned if necessary via SigUser. Thanks.

marcabal · ‎09-08-2003

There is a bug in our signature update. The packetd.conf file was not updated correctly.

We are fixing the problem and will send out the fix in S52.

View solution in original post

astuckey · ‎09-08-2003

The S51 update for the Unix director is a separate download. Did you install it as well?

marcabal · ‎09-08-2003

There is a bug in our signature update. The packetd.conf file was not updated correctly.

We are fixing the problem and will send out the fix in S52.

rttsui · ‎09-09-2003

We have applied the S51 update to the Unix director successfully. We will apply the S52 update when available. Thank you both for your help.