Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Pandora and CSIDS

I'm reviewing a document that makes recomendations regarding Pandora (an attack tool for Novell). It notes "The introduction of an intrusion detection system (IDS) would also help to mitigate this vulnerability. An IDS would not only provide alerts when this type of attack is attempted, but would also aid in identifying the attacker." Does the CSIDS standard signature load include detection of Pandora NCP spoofing attempts?

2 REPLIES
New Member

Re: Pandora and CSIDS

My network engineer who has used Pandora (legally of course) stated that the utility uses TCP port 524 and UDP port 524. If you setup a custom sig, you should be able to monitor any activity.

I have comnfigured my IDS to monitor port 524.

New Member

Re: Pandora and CSIDS

The current signature set does not include coverage for Novell NCP spoofing.

122
Views
0
Helpful
2
Replies
CreatePlease login to create content