Is there a way to write a custom signature that looks for an IP address making rapid connection attempts to an IPSec termination device trying to brute force a pre-shared key? Would this be something the Anomaly Detection engine would detect?
Luis,

Try disabling all of the TCP Drop (1330) signatures on the IPS. These signatures look at the packet headers and drop all packets that do not meet RFC specifications.

1330-0: TCP packet has bad checksum. This signature will not produce an alert in...