Example: you want to block/drop all packets with "configure" command aimed to configure IOS devices and carried over Telnet. You create a custom signature matching for first 4 characters of the "configure" command - conf
Signature Name - Stop_Bad_Command Signature engine - String TCP Event Action - Deny attacker inline and produce alert Specify Min Match Length - Yes Min Match Length - 4 Regex String - [cC][oO][nN][fF] Service port - 23 Direction - To Service Eugene From: [email protected] [mailto:[email protected]] On Behalf Of Ananthan Sent: 15 April 2012 21:36 To: [email protected] Subject: [OSL | CCIE_Security] IPS Signature Hi Experts, I need to configure one signature that trigger when the specific user give a specific command. How can i configure? Could you please any suggestion ? -Ananthan
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
