JonPBerbee

Member Since: Apr 10, 2007

JonPBerbee commented on Turn off rule for specific IP address in Event Analysis 1 year ago

Thank you Aastha, I had considered that option as well but was hoping there was a way to turn the...

JonPBerbee commented on Signature ID = 6043 in Intrusion Prevention Systems/IDS 1 year ago

I've noticed this event trigger 8 times on one of my customers IPS devices in the past 24 hours....

JonPBerbee commented on CSCuq79027 - Cisco Secure Access Control System SQL Injection Vulnerability in Cisco Bug Discussions 1 year ago

I am also interested in what you find out from TAC. I'd like to know if/when version 5.4 will be...

JonPBerbee commented on Sig ID 5009/0 IE Security Bypass in Intrusion Prevention Systems/IDS 1 year ago

It looks like this signature is set to be retired in the package released today.

JonPBerbee commented on Sig ID 5009/0 IE Security Bypass in Intrusion Prevention Systems/IDS 1 year ago

We are also seeing this trigger frequently across a couple of our customer's sensors. I was...

JonPBerbee commented on IOS IPS Auto-Signature Update Question. in Intrusion Prevention Systems/IDS 2 years ago

Thank you for the reply Saurav.  That procedure you point to is to update directly from Cisco which...

JonPBerbee commented on Victim port 0 not blocked in Intrusion Prevention Systems/IDS 2 years ago

I'm not sure there is a way to tell for sure with summary being on, someone correct me if I'm wrong...

JonPBerbee commented on Victim port 0 not blocked in Intrusion Prevention Systems/IDS 2 years ago

Yeah, I agree with wsulym that this sounds like it is just a summary of multiple attacks that are...

JonPBerbee commented on Cannot connect to IPS - 7.1(8p1)E4. in Intrusion Prevention Systems/IDS 2 years ago

Not sure if your problem is with the configuration of the Management interface or not but the below...

JonPBerbee commented on Exclude an IP being blocked on a signature in Intrusion Prevention Systems/IDS 2 years ago

You will need to create an event action filter "service event-action-rules rules0" section of the...

JonPBerbee commented on asa-ips virtual sensor physical interface in Intrusion Prevention Systems/IDS 2 years ago

Hi Anatoly, You need to assign PortChannel0/0 to the virtual sensor for your IPS to inspect traffic...

JonPBerbee commented on Cisco IPS make slow copy between linux server in Intrusion Prevention Systems/IDS 3 years ago

You could log into the CLI and submit "show stat virtual-sensor | beg Per-Signature" and see what...

JonPBerbee commented on Router 2911 15.3(3)M1 IOS IPS Auto-update not working in Intrusion Prevention Systems/IDS 3 years ago

Hmm, interesting.  Does that mean we have to manually update signatures on IOS IPS? Jon Peckham.

JonPBerbee commented on IPS Advice... in Intrusion Prevention Systems/IDS 3 years ago

We manage several customers that have IPS running on ASA's configured in active/standby mode. The...

JonPBerbee commented on Analysis Engine is Not Running in Intrusion Prevention Systems/IDS 3 years ago

We have seen this happen occasionally on different sensors that we manage. This usually occurs...

JonPBerbee commented on 5585X-IPS SSM40 Event alert in Intrusion Prevention Systems/IDS 3 years ago

In the CLI enter the following command to see if any signatures are triggering, it could just be...

JonPBerbee commented on ASA 5515 with IPS Module in Intrusion Prevention Systems/IDS 3 years ago

If you haven't logged into the IPS before then you can "session ips" from the ASA to get into the...

JonPBerbee commented on How to configure syslog on the following IPS module ? in Intrusion Prevention Systems/IDS 3 years ago

Hi Saurabh, The enVision appliances we manage all pull the events from IPS modules in ASA's so the...

JonPBerbee commented on How to configure syslog on the following IPS module ? in Intrusion Prevention Systems/IDS 3 years ago

RSA enVision can be configured to pull these logs using the Cisco's SDEE protocol. You need to allow...

JonPBerbee commented on ASA5525-X IPS Annual signature subscription clarification in Intrusion Prevention Systems/IDS 4 years ago

Hi Martin, the IPS signatures are still subscription-based for the new -x platform. Jon.

JonPBerbee commented on Anyone else notice IPS Signature 1548/0 firing frequently? in Intrusion Prevention Systems/IDS 4 years ago

Thanks for the update Roopesh.  We ended up just filtering this out in the MARS appliances when the...

JonPBerbee commented on Anyone else notice IPS Signature 1548/0 firing frequently? in Intrusion Prevention Systems/IDS 4 years ago

Yeah, we just had some fire in the 65.54.0.0/16 range in addition to the 207.46.0.0/16 range. Thanks...

JonPBerbee commented on Understanding IPS log (sig:16297-Worm Activity) in Intrusion Prevention Systems/IDS 4 years ago

Hi Jag. Here is a link with more information on alert 16297/0.  tools.cisco.com/security/center/...

JonPBerbee commented on ASA-SSM-10 Troubleshooting in Intrusion Prevention Systems/IDS 4 years ago

Interesting, thanks for the update.  I'll have to make sure we don't make those edits on our...

JonPBerbee commented on ASA-SSM-10 Troubleshooting in Intrusion Prevention Systems/IDS 4 years ago

I have seen this happen occasionally with a signature update.  Have you tried rebooting the sensor...

JonPBerbee commented on cisco ips 4206 Analysis Engine not running in Intrusion Prevention Systems/IDS 4 years ago

We have had this issue in the past with our sensors and the only way that we were able to clear it...

JonPBerbee commented on Sensor Health is showing Red in Intrusion Prevention Systems/IDS 4 years ago

Hi Tariq, Someone else can correct me if I'm wrong but I believe that this means you had a high...

JonPBerbee commented on Signature 41846/1 matches on Adobe Site in Intrusion Prevention Systems/IDS 4 years ago

Hi Dana, You and I must have been posting at the same time.  We noticed an issue with this signature...

JonPBerbee commented on Can MARS filter based on something in the IPS trigger packet? in MARS 6 years ago

Thanks for the reply halijenn. Unless I missed something I don't see anywhere in those two links...

JonPBerbee commented on NIDS HTTP evasion - Signature 24339 in Intrusion Prevention Systems/IDS 6 years ago

We have seen this as well for a few of our customers going to various different websites.  All the...

JonPBerbee commented on S441 Sig 21622/1 activity in Intrusion Prevention Systems/IDS 7 years ago

We are seeing this signature kick off a lot of alerts as well. Just wondering if Cisco has...

JonPBerbee's Stats

Points 25
Discussion started 8
Answers marked as Correct 3
Endorsed 0
Content Rated 2