
Signature Tweaking

dpatkins
Level 1

I would like to create a signature that would ignore all incoming traffic destined for port 53 from certain IP addresses. I would allow all, but we are not that trusting. Also, I would like to allow any traffic destined to certain IP address access to Port 8080. I am pretty new at designing signatures, but I follow instructions well.

Thanks

Dwane

3 Replies

bfl1
Level 1

Sounds like you need ACLs on a firewall, not signatures on your IDS.

We do have ACLs on the firewall, but there are particular signatures that sneak through the IDS machine such as Long WebDAV. Plus, certain signatures have known false positives like sig 4003 which triggers when initiated from DNS servers. Thanks