rhermes

Member Since: Aug 19, 2003

rhermes commented on Configuring 4255 sensor in promiscuous mode in Intrusion Prevention Systems/IDS 2 years ago

You want to do a VACL capture on the 6500: http://www.cisco.com/c/en/us/support/docs/lan-switching/...

rhermes commented on SSM-10 upgrade in Failover ASA (Active/Standby) in Intrusion Prevention Systems/IDS 2 years ago

It all depends on your Fail Open setting and your security posture. If your primary ASA is set to...

rhermes commented on Finding the mac address on 4255 IPS appliance in Intrusion Prevention Systems/IDS 2 years ago

The 5 GigE sensing interfaces do have MAC addresses. In Promiscuous Mode, they do not transmit...

rhermes commented on Is it possible for SSM-20 to stream to syslog? in Intrusion Prevention Systems/IDS 2 years ago

No, you can't send events to the ASA. SNMP Traps was the workaround. There is no syslog for...

rhermes commented on Is it possible for SSM-20 to stream to syslog? in Intrusion Prevention Systems/IDS 2 years ago

None of the Cisco IPS sensors can generate syslog messages for signature events. You can configure...

rhermes commented on ASA IPS Test in Intrusion Prevention Systems/IDS 2 years ago

There is no need to get complex for testing signature detection and if your response actions are...

rhermes commented on Signature to prohibit delete of files/folders on ftp server in Intrusion Prevention Systems/IDS 2 years ago

It would be possible to create a TCP session signature that would trigger on the string "del" or "...

rhermes commented on ASA IPS Test in Intrusion Prevention Systems/IDS 2 years ago

Biandov - You are correct, I did neglect to take Promiscuous mode ACL shunning into account when I...

rhermes commented on ASA IPS Test in Intrusion Prevention Systems/IDS 2 years ago

If your ASA AIP-SSM module is in promiscuous mode, then you can't block traffic. The sensor module...

rhermes commented on SNMP Traps on ASA5585-SSP-IPS10 in Intrusion Prevention Systems/IDS 2 years ago

You need to do this on a per-signature basis. There is no global "send all my signature events via...

rhermes commented on IPS 7.1 Event Analysis in Intrusion Prevention Systems/IDS 2 years ago

I don't have any experience with Splunk and Cisco IPS, but there is a Wiki for it, so I assume...

rhermes commented on IPS 7.1 Event Analysis in Intrusion Prevention Systems/IDS 2 years ago

Daniel - Your two most common options for getting event data off your sensors are: 1. Get/build/buy a...

rhermes commented on Tuning IPS Signatures in an Industrial Network in Intrusion Prevention Systems/IDS 2 years ago

Rene - Enabling all the signatures on your IPS may not be in your best interests. Even with ample...

rhermes commented on Preventing or stopping attack with no signature or disabled signature in Intrusion Prevention Systems/IDS 2 years ago

Jhun - There are several reasons why a signature may be disabled by default, but usually they are...

rhermes commented on Switch config for Inline Interface Pair in Intrusion Prevention Systems/IDS 2 years ago

Your IPS appliance will bridge the traffic between the two VLANS. Assign your VLAN ports like this:...

rhermes commented on ASA IPS Transparent Design Solution Needed in Intrusion Prevention Systems/IDS 2 years ago

You ask a lot of questions without providing any detailed information. ASSUMING your L3 switch is a...

rhermes commented on Switch config for Inline Interface Pair in Intrusion Prevention Systems/IDS 2 years ago

What are you using for an IPS, an appliance? An IOS IPS in the Internet router or the ASA? If you...

rhermes commented on IPS Event Victim IP is 0.0.0.0 in Intrusion Prevention Systems/IDS 2 years ago

Juhn - Yes, anytime you see the 0.0.0.0 address used in the victim IP address field it is the...

rhermes commented on ASA IPS Transparent Design Solution Needed in Intrusion Prevention Systems/IDS 2 years ago

Avit - If you read my responses carefully, you'll find all the answers to your question of...

rhermes commented on ASA IPS Transparent Design Solution Needed in Intrusion Prevention Systems/IDS 2 years ago

You originally stated that you wanted to place an ASA5525-X between the external L3 switch and a HA...

rhermes commented on IPS Event Victim IP is 0.0.0.0 in Intrusion Prevention Systems/IDS 2 years ago

You can edit the signature to change the summarization and force it to fire for each victim IP...

rhermes commented on ASA IPS Transparent Design Solution Needed in Intrusion Prevention Systems/IDS 2 years ago

The first design issue is that you are being asked to place an IPS sensor OUTSIDE the firewall? Is...

rhermes commented on IPS 4240 Booting Problem in Intrusion Prevention Systems/IDS 2 years ago

I am not familiar with the format of the 4240 flash, so I can't comment on any necessary...

rhermes commented on IPS ASA-SSM license update in Intrusion Prevention Systems/IDS 2 years ago

It appears your AIP-SSM20 is configured to use an http proxy to connect to the Internet. If you...

rhermes commented on IPS and DDOS protection in Intrusion Prevention Systems/IDS 2 years ago

Cisco IPS sensors can provide limited DDoS protection under a small set of circumstances (all...

rhermes commented on IPS 4240 Booting Problem in Intrusion Prevention Systems/IDS 2 years ago

You are doing everything correctly to reimage your sensor. You should be able to download either...

rhermes commented on Need to update IPS Sensor and Signature in Intrusion Prevention Systems/IDS 2 years ago

In IPS 7.0(8)E4 the default value of the Cisco server IP address has been changed from 198.133.219....

rhermes commented on IPS SSM 20 software upgrade in Intrusion Prevention Systems/IDS 2 years ago

You can use either method to upgrade your sensor. In IME, go to the Configuration tab, Sensor...

rhermes commented on IPS SSM 20 software upgrade in Intrusion Prevention Systems/IDS 2 years ago

Have you ever searched for and downloaded a router software update? If you have, it works just like...

rhermes commented on Error connecting to sensor. Error loading sensor in Intrusion Prevention Systems/IDS 2 years ago

Rebel - Your SSM setup looks correct, but your problem is the lack of network connectivity from the...

rhermes commented on blocking torrentz in ips in Intrusion Prevention Systems/IDS 2 years ago

Last time I tested Cisco's ability to block Bit Torrent traffic (about 2 years ago) it was unable...

rhermes commented on IDSM-2 email question in Intrusion Prevention Systems/IDS 2 years ago

There isn't an option for Emailing alerts from the IPS Sensors (including the IDSM). You can...

rhermes commented on Anomaly Detection Knowledge Base in Intrusion Prevention Systems/IDS 2 years ago

Arash - Your IPS Sensors need to build this database on their own, based on the traffic they see....

rhermes commented on Error connecting to sensor. Error loading sensor in Intrusion Prevention Systems/IDS 2 years ago

Your "sh mod 1" looks good. It's also a good sign that you can get into your sensor via "session 1...

rhermes commented on Cisco IPS make slow copy between linux server in Intrusion Prevention Systems/IDS 2 years ago

Don't forget the Normalizer engine signatures that do not report when they fire. Everyone gets bit...

rhermes commented on Error connecting to sensor. Error loading sensor in Intrusion Prevention Systems/IDS 2 years ago

It sounds like your AIP-SSM is sick. It shouldn't reject a "session 1" connection via the backplane...

rhermes commented on Upgrade to IPS version 6? in Intrusion Prevention Systems/IDS 3 years ago

Your backup plan would be to reimage the sensor from scratch with the OS version of your choice. -...

rhermes commented on IPS Promiscous VLAN Groups in Intrusion Prevention Systems/IDS 3 years ago

You do not need to run two virtual sensors in order to do this. Your signature policy will be the...

rhermes commented on Is there a command to know the current throughput fo an IPS in Intrusion Prevention Systems/IDS 3 years ago

I had a script that would log in, run a "show stat analysis" twice, 60 seconds apart. Then it...

rhermes commented on Configuring IDSM in promiscuous mode? in Intrusion Prevention Systems/IDS 3 years ago

Not that I know of, but since Promiscuous mode won't affect your traffic, I'd give this config a...

rhermes commented on Configuring IDSM in promiscuous mode? in Intrusion Prevention Systems/IDS 3 years ago

The IDSM doesn't need any special commands to inspect traffic in Promiscuous mode. You'll want to...

rhermes commented on Cisco ASA 5555-s with IPS License question in Intrusion Prevention Systems/IDS 3 years ago

Yes, the IPS sensors are licensed annually. If you have more than one sensor (or annual license)...

rhermes commented on Configure ASA5515-X with IPS as standalone IPS. in Intrusion Prevention Systems/IDS 3 years ago

We've done this with ASA5500 models, so it's a safe bet you could do this with the ASA5500x...

rhermes commented on Monitoring AnalysisEngine via SNMP in Intrusion Prevention Systems/IDS 3 years ago

We've been plagued by this problem for years. We set up a custom sig that fires every 5 min and if...

rhermes commented on IPS 4240 Series in Intrusion Prevention Systems/IDS 3 years ago

Are you trying to put this 4240 in line? If you have a switch on each rail of your HA, then you...

rhermes commented on Unable to login into IDSM-2 through session slot in Intrusion Prevention Systems/IDS 3 years ago

Show us the output of a "show module" on the 6500 to see what state your sensors are in. And show us...

rhermes commented on IPS system with 20 Gb eth ports in Intrusion Prevention Systems/IDS 3 years ago

The interface standard speeds are 1, 10 and 40 Gb/s. I'm not aware of any interfaces that run at...

rhermes commented on SSM40 and ASA Config in Intrusion Prevention Systems/IDS 3 years ago

It looks correct. You can try enabling the ICMP Echo Request signature and watch it fire on pings...

rhermes commented on Promiscuous mode AIM-SSM-10 in Intrusion Prevention Systems/IDS 4 years ago

Jeff - Those modules support promiscuous mode. Here's a sample configuration you need to put on...

rhermes commented on AIP-SSM License Renewal in Intrusion Prevention Systems/IDS 4 years ago

Sorry I can't help with your part number question. As far as your sensor license goes, if your...

rhermes's Stats

Points 831
Discussion started 16
Answers marked as Correct 88
Endorsed 0
Content Rated 149