Kings, Yup you are correct when inspecting either HTTP or FTP on the IPS you need to first enable them under the advacned options. This is included as part of the solutions guide for Lab3.
String.tcp engine was used as a possible solution, like with most things there are many ways of skinning the ccie lab cat ;) Using the regex section of the string.http engine sig may have also acheived the requirements of the task. Stu On Fri, Feb 12, 2010 at 3:40 PM, Kingsley Charles < [email protected]> wrote: > Hi all > > Please find my queries below: > > 1)We are asked to configure check for the FTP command "del" and hence we > use the FTP AIC engine. For this signature, don't we need to enable FTP > inspection in advance options > miscellaneous? > > 2)For Code Red, the solution given here is to use strping.tcp engine. Can't > we use service.http engine and it's RUI regex option? > > > With regards > Kings > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > -- Regards, Stuart Hare CCIE #25616 (Security), CCSP, Microsoft MCP Sr. Support Engineer – IPexpert, Inc. URL: http://www.IPexpert.com
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
