Re: [OSL | CCIE_Security] IPS signature for pattern as well as port miuse

[Pieter-Jan Nefkens]

Hi Kings, And what if you'd make two signatures, with the subsignature id? For example: 60100.0 = ATTACK pattern 60100.1 = port misuse And just something that pops into my mind (I don't have IME / IDM handy at the moment) there is also the advanced http settings on the IPS vs itself. Just go to the signatures and click on advanced. Enable http inspection and perhaps the port-misuse is there as well.. ;-) PJ On 10 jun 2010, at 08:11, Kingsley Charles wrote: Hi all I need to configure an IPS signature that inspect HTTP traffic that looks for a pattern "ATTACK" and also sees that port-miuse. p2p, im tunneling is not being done. I think, http AIC signatures can only do both the checks. I tried as following with AIC HTTP engine Define Web Traffic Policy > Select "Yes" Message body Pattern > In the Regex list, I added "ATTACK" But, the problem is either one only can be configured. When I configure one and apply, the other one goes Please let me a how to configure a signature that Detects "ATTACK" pattern Detects port-miuse, p2p, im tunneling in HTTP With regards Kings _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com --- Nefkens Advies Enk 26 4214 DD Vuren The Netherlands Tel: +31 183 634730 Fax: +31 183 690113 Cell: +31 654 323221 Email: pjnefk...@nefkensadvies.nl Web: http://www.nefkensadvies.nl/  Think before you print.

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com