Hi Tyson,

Do we need to configure a signature of the AIC engine after enabling AIC HTTP, or is just enabling AIC HTTP sufficient for non-RFC-compliant traffic?

With regards
Kings

On Wed, Sep 29, 2010 at 8:15 PM, Tyson Scott <[email protected]> wrote:

> AIC also has the capability of detecting tunneled traffic. You could try
> to tunnel some traffic with something like PC-Anywhere and see if you can
> detect it that way.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: [email protected]
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
> IPexpert is a premier provider of Self-Study Workbooks, Video on Demand,
> Audio Tools, Online Hardware Rental and Classroom Training for the Cisco
> CCIE (R&S, Voice, Security & Service Provider) certification(s) with
> training locations throughout the United States, Europe, South Asia and
> Australia. Be sure to visit our online communities at
> www.ipexpert.com/communities and our public website at www.ipexpert.com
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Kingsley Charles
> *Sent:* Wednesday, September 29, 2010 7:38 AM
> *To:* [email protected]
> *Subject:* [OSL | CCIE_Security] IPS AIC HTTP
>
> Hi all
>
> If there is a task asking to configure the IPS sensor to detect HTTP traffic
> that is non-RFC compliant, then what should be the solution?
>
> Should I just enable AIC HTTP at the path
> *Configuration > Policies > Signature Definitions > sig0 > All Signatures > Advanced > Miscellaneous > HTTP Policy > Enable HTTP > Yes*
>
> or
>
> enable HTTP AIC and configure a sig by selecting the type "*Define
> Web Traffic Policy*" and selecting "*Yes*" for "*alarm on Non-HTTP traffic*"?
>
> I need to verify it. Can someone let me know a simple way to
> generate non-compliant RFC HTTP traffic, to check whether it is enough to just
> enable AIC HTTP to detect non-compliant RFC traffic?
>
> Please don't tell me to telnet to port 80. I am aware of that :-)
>
> I need something like an HTTP request without "get". This can't be simulated
> in lab. Any other method that can be simulated in lab?
>
> *Snippet from Help page*
>
> Configuration > Policies > Signature Definitions > sig0 > All Signatures > Advanced > Miscellaneous > Help
>
> Fields
>
> The following fields are found on the Miscellaneous tab:
>
> Application Policy—Lets you configure application policy enforcement.
>
> Enable HTTP—Enables protection for web services. Check the Yes check box
> to require the sensor to inspect HTTP traffic for compliance with the RFC.
>
> Max HTTP Requests—Specifies the maximum number of outstanding HTTP requests
> per connection.
>
> AIC Web Ports—Specifies the variable for ports to look for AIC traffic.
>
> Enable FTP—Enables protection for web services. Check the Yes check box to
> require the sensor to inspect FTP traffic.
>
> With regards
> Kings
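For the lab verification asked about in the thread, the following is an added example, not code from the posters or from Cisco, and it does not reproduce how the AIC engine decides. It builds a few constructed requests, including one without a method, checks them against the RFC 2616 Request-Line and header syntax, and can replay them to a lab web server behind the sensor so you can see which signatures fire. The sample names, the `lab-web` host name and the `send_to_lab` helper are assumptions for illustration.

```python
import re
import socket

# RFC 2616 grammar: Request-Line = Method SP Request-URI SP HTTP-Version CRLF
TOKEN = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")
VERSION = re.compile(rb"^HTTP/\d+\.\d+$")

def check_request(raw: bytes) -> list[str]:
    """Return the request-line and header syntax violations found in raw."""
    problems = []
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        problems.append("header block not terminated by CRLF CRLF")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        problems.append("request line is not 'Method SP Request-URI SP HTTP-Version'")
    else:
        method, target, version = parts
        if not TOKEN.match(method):
            problems.append("method is not a valid token")
        if not target:
            problems.append("empty Request-URI")
        if not VERSION.match(version):
            problems.append("malformed HTTP-Version")
    # Simplification: folded (continuation) header lines are reported as malformed.
    for line in lines[1:]:
        name, colon, _ = line.partition(b":")
        if not colon or not TOKEN.match(name):
            problems.append("malformed header line: %r" % line)
    return problems

# Constructed lab samples (not captured traffic); "lab-web" is a placeholder host.
SAMPLES = {
    "compliant": b"GET /index.html HTTP/1.1\r\nHost: lab-web\r\n\r\n",
    "no_method": b"/index.html HTTP/1.1\r\nHost: lab-web\r\n\r\n",
    "bad_version": b"GET /index.html HTTX/1.1\r\nHost: lab-web\r\n\r\n",
    "bad_header": b"GET / HTTP/1.1\r\nHost lab-web\r\n\r\n",
}

def send_to_lab(host: str, port: int, raw: bytes) -> bytes:
    """Send one sample to a lab web server behind the sensor; return the reply."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(raw)
        return s.recv(4096)

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_request(raw))
```

Replaying each sample once with only Enable HTTP set, and again with a web traffic policy signature configured, shows which configuration produces the alert for which sample.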
