• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

confusion abt event count parameter for cisco ips signatures

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Firewalls // Intrusion Detection - External Security

View previous topic :: View next topic  
Author Message
sebastan_bach
Just Arrived
Just Arrived


Joined: 20 Dec 2006
Posts: 0


Offline

PostPosted: Thu Dec 21, 2006 2:50 pm    Post subject: confusion abt event count parameter for cisco ips signatures Reply with quote

hi all i have a confusion abt the event count value for the signatures.

say if i set the event count value to 5 then the signature will fire only if the event ocours 5 times right.

does it mean that when the first time the attack packet comes the signature is not fired and the action is not taken. the signature action is taken only if it hits 5 times.

is this what it means. and will the event be written to the event store.

can someone pls clarify this doubt.

regards

sebastan
Back to top
View user's profile Send private message Send e-mail
bsdjunkie
Trusted SF Member
Trusted SF Member


Joined: 13 Jun 2003
Posts: 2


Offline

PostPosted: Thu Dec 21, 2006 5:12 pm    Post subject: Reply with quote

You are correct, if you set the event count to 5, then it will need to happen 5 times before it produces an alert for that signature.
Back to top
View user's profile Send private message
sebastan_bach
Just Arrived
Just Arrived


Joined: 20 Dec 2006
Posts: 0


Offline

PostPosted: Fri Dec 22, 2006 1:21 am    Post subject: Reply with quote

hi my question was when the event count is set to 5 and when the first time the signature fires will it take the action specified for the signature say for example the action is deny the packet. so will the packet be denied when the signature fires for the first time or the signature has to fire 5 times for the packet to be denied.

waiting for ur reply.

regards

sebastan
Back to top
View user's profile Send private message Send e-mail
bsdjunkie
Trusted SF Member
Trusted SF Member


Joined: 13 Jun 2003
Posts: 2


Offline

PostPosted: Fri Dec 22, 2006 7:56 pm    Post subject: Reply with quote

Once the signature fires for the first time, it will perform the deny if it is set to do so.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Firewalls // Intrusion Detection - External Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register