Hi Eugene, Thanks for the update... One more clarification.. If this ticket triggered when the command originated by username "ananthan" how we can configure ?
On Tue, Apr 17, 2012 at 9:13 AM, Eugene Pefti <[email protected]>wrote: > Example: you want to block/drop all packets with “configure” command > aimed to configure IOS devices and carried over Telnet. You create a custom > signature matching for first 4 characters of the “configure” command - conf > **** > > ** ** > > Signature Name – Stop_Bad_Command**** > > Signature engine – String TCP**** > > Event Action – Deny attacker inline and produce alert**** > > Specify Min Match Length – Yes**** > > Min Match Length – 4**** > > Regex String – [cC][oO][nN][fF]**** > > Service port – 23**** > > Direction – To Service**** > > ** ** > > ** ** > > Eugene**** > > ** ** > > ** ** > > ** ** > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Ananthan > *Sent:* 15 April 2012 21:36 > *To:* [email protected] > *Subject:* [OSL | CCIE_Security] IPS Signature**** > > ** ** > > Hi Experts, > > I need to configure one signature that trigger when the specific user give > a specific command. How can i configure? Could you please any suggestion ? > -Ananthan**** >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
