Problem updating to 3.0

giovanni
Level 1

Hi all.

I've just updated one of my sensors to 3.0(1)S4. The update seems to have worked smoothly. See below:

The Version of the Sensor is: 3.0(1)S4

postoffice v175 (Release) 01/07/11-21:50

logger v175 (Release) 01/07/11-21:49

sap v175 (Release) 01/07/11-21:50

fileXfer v175 (Release) 01/07/11-21:48

sensor v175 (Release) 01/07/11-15:33

The problem is with the CSPM. When I approve a new configuration I immediately get an error message stating: "Error - Incorrect sensor version". Looking at the distribution status I see the message: "Actual IDS Sensor Version 3.0(1)S4 is not the same as the user specified version 2.5(1)S3. invalid Sensor version".

Of course I have updated my CSPM to tell it that the sensor is now 3.0(1)S4, so the above message is apparently incorrect.

CSPM version is 2.3.1 build 2440.

I'm locked out from accessing the sensor via CSPM. What am I missing?

TIA,

Giovanni

4 Replies

marcabal
Cisco Employee

It is possible that the database was not updated after making the version change. The version saved to the database may still have been 2.5(1)S3.

In CSPM select the sensor.

In the configuration window for the sensor ensure that the sensor version 3.0(1)S4 is selected (be sure to not select 3.0(1)S4 IDSM).

Press the OK button so that the change will be saved to local memory.

Press the Update Button so that the change will be saved to the database, and the new configuration files will be generated.

Wait until the configuration is completely generated.

Then try to push the configuration once again.

I did this, it didn't seem to work. I'll try as rcrowe suggests.

Which of the recent string match signatures are made obsolete by S4? The Code Red sig, the TESO telnet exploit?

Giovanni

The Custom String Matches that have been released for Code Red should be maintained on your sensors until we get S5 posted. There is a posting under the title Active Update Notification: BSD Telnet Daemon Buffer Overflow on this forum that will walk you through adding a custom signature to a 3.0 sensor for the TESO telnet exploit. (NOTE: This signature can only be added to 3.0 sensors.) This should be maintained until S5 is posted as well.

S5 is in the final stages of QA and should be ready to post this week.

rcrowe
Level 1

I saw this too when I updated. I'm not sure what causes it, and maybe someone else out here might be able to explain it, but the way I got around it was to delete the sensor from CSPM and then re-add the sensor by Wizards --> Add Sensor. Then check "Click here to capture sensor configuration". After that everything was fine.