
IDS4210 can't reset tcp connections of all unwanted e-mails

mtcu
Level 1

Hi, we have applied IDS4210 for internet connection; we use the IDS with a 1760 router. We have created a custom string signature on the IDS. The IDS can reset many unwanted e-mail connections (port tcp 25). But some of them (unwanted e-mails) can reach the mail server. The IDS can't prevent all of them. We don't want these mails. Our internet connection is 512 FR. How can I prevent these mails? I am waiting for your suggestions.

1 Reply

gfullage
Cisco Employee

If you've set up a string signature, then you may run into problems if that particular string is spread over two TCP packets; the IDS sensor won't pick them up then. If the signature is capturing most of them but missing a few, I'd say that's what's going on. You could verify with a Sniffer trace near your mail server and capture the ones that do get through. You may be able to shorten your string signature to something that will be able to grab it even when it's spread over two packets (or create a couple of string signatures, one with the first portion of the string and one with the last portion).
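The following is an added example, not part of the original thread and not Cisco sensor code. It reproduces the missed match described in the reply and shows why a shorter signature misses less often. The signature string and the SMTP segments are constructed for illustration, and the carry-over matcher goes beyond the reply to show the general fix for in-order segments of a single flow.

```python
# Constructed sample: a subject line that straddles two TCP segments.
SIGNATURE = b"Subject: Cheap pills"          # hypothetical custom string signature
SEGMENTS = [
    b"MAIL FROM:<a@example.com>\r\nDATA\r\nSubject: Che",
    b"ap pills\r\n\r\nbody\r\n.\r\n",
]

def per_packet_match(segments, signature):
    """Inspect each segment on its own, as a per-packet string signature does."""
    return any(signature in seg for seg in segments)

class StreamMatcher:
    """Match across segment boundaries by keeping the last len(sig)-1 bytes.

    Assumes segments arrive in order on one flow; retransmissions and
    reordering would need real TCP reassembly.
    """
    def __init__(self, signature):
        self.signature = signature
        self.tail = b""

    def feed(self, segment):
        window = self.tail + segment
        hit = self.signature in window
        keep = len(self.signature) - 1
        self.tail = window[-keep:] if keep else b""
        return hit

def stream_match(segments, signature):
    matcher = StreamMatcher(signature)
    # Feed every segment (list, not generator) so the tail stays current.
    return any([matcher.feed(seg) for seg in segments])

def split_points_missed(payload, signature):
    """Count two-way splits of payload where per-packet matching misses."""
    if signature not in payload:
        return 0
    return sum(
        1
        for cut in range(1, len(payload))
        if not per_packet_match([payload[:cut], payload[cut:]], signature)
    )

if __name__ == "__main__":
    payload = b"".join(SEGMENTS)
    print("per-packet, full signature :", per_packet_match(SEGMENTS, SIGNATURE))
    print("per-packet, short signature:", per_packet_match(SEGMENTS, b"pills"))
    print("stream-aware, full         :", stream_match(SEGMENTS, SIGNATURE))
    print("missed splits full/short   :",
          split_points_missed(payload, SIGNATURE),
          split_points_missed(payload, b"pills"))
```

A shorter signature reduces the number of split positions that defeat it but never removes them entirely, and it matches more legitimate mail, so check it against the sniffer trace before relying on it.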
