Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Signature Tweaking

I would like to create a signature that would ignore all incoming traffic destined for port 53 from certain IP addresses. I would allow all, but we are not that trusting. Also, I would like to allow any traffic destined to certain IP address access to Port 8080. I am pretty new at designing signatures, but I follow instructions well.

Thanks

Dwane

3 REPLIES
New Member

Re: Signature Tweaking

Sounds like you need ACL's on a firewall, not signatures on your IDS.

New Member

Re: Signature Tweaking

We do have ACLs on the firewall, but there are particular signatures that sneak through the IDS machine such as Long WebDAV. Plus, certain signatures have known false positives like sig 4003 which triggers when initiated from DNS servers. Thanks

New Member

Re: Signature Tweaking

90
Views
0
Helpful
3
Replies
CreatePlease to create content