07-31-2001 10:12 AM - edited 03-08-2019 08:32 PM
Hi all.
I've just updated one of my sensors to 3.0(1)S4. The update seems to have worked smoothly. See below:
The Version of the Sensor is: 3.0(1)S4
postoffice v175 (Release) 01/07/11-21:50
logger v175 (Release) 01/07/11-21:49
sap v175 (Release) 01/07/11-21:50
fileXfer v175 (Release) 01/07/11-21:48
sensor v175 (Release) 01/07/11-15:33
The problem is with the CSPM. When I approve a new configuration I immediately get an error message stating: "Error - Incorrect sensor version". Looking at the distribution status I see the message: "Actual IDS Sensor Version 3.0(1)S4 is not the same as the user specified version 2.5(1)S3. invalid Sensor version".
Of course I have updated my CSPM to tell it that the sensor is now 3.0(1)S4, so the above message is apparently incorrect.
CSPM version is 2.3.1 build 2440.
I'm locked out from accessing the sensor via CSPM. What am I missing?
TIA,
Giovanni
07-31-2001 10:30 AM
It is possible that the database was not updated after making the version change. The version saved to the database may still have been 2.5(1)S3.
In CSPM select the sensor.
In the configuration window for the sensor ensure that the sensor version 3.0(1)S4 is selected (be sure to not select 3.0(1)S4 IDSM).
Press the OK button so that the change will be saved to local memory.
Press the Update Button so that the change will be saved to the database, and the new configuration files will be generated.
Wait until the configuration is completely generated.
Then try to push the configuration once again.
07-31-2001 01:41 PM
I did this, it didn't seem to work. I'll try as rcrowe suggests.
Which of the recent string match signatures are made obsolete by S4? The Code Red sig, the TESO telnet exploit?
Giovanni
07-31-2001 02:07 PM
The Custom String Matches that have been released for Code Red should be maintained on your sensors until we get S5 posted. There is a posting under the title Active Update Notification: BSD Telnet Daemon Buffer Overflow on this forum that will walk you through adding a custom signature to a 3.0 sensor for the TESO telnet exploit. (NOTE: This signature can only be added to 3.0 sensors.) This should be maintained until S5 is posted as well.
S5 is in the final stages of QA and should be ready to post this week.
07-31-2001 11:04 AM
I saw this too when I updated. I'm not sure what causes it, and maybe someone else out here might be able to explain it, but the way I got around it was to delete the sensor from CSPM and then re-add the sensor by Wizards --> Add Sensor. Then check "Click here to capture sensor configuration". After that everything was fine.