Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : Intrusion Detection System : Understanding Cisco IDS Signature Series

Understanding Cisco IDS Signature Series

Nov 25,2008 by admin

small font medium font large font
image

Understanding Cisco IDS Signature Series

Now we are going to discuss each of the signatures. I have taken the time to separate them into the numbered series. The signatures range from 1000 all the way into the 11000s. Besides numerically grouping signatures, the series number represents another type of grouping. They help the administrator narrow down what type of attack is generating the alarms. Are they atomic? Is the attack a string, sweep, or web site exploit? Although the numbers do cover multiple signature types, they help the administrator narrow down his search.

The following list gives a brief description of each signature series.

  • The 1000 series covers the signatures that analyze the content of IP headers.

  • The 2000 series focuses on ICMP signatures.

  • The 3000 series is all about TCP-based signatures.

  • The 4000 series is all about UPD connections and ports on the network.

  • The 5000 series is probably the largest. It covers web (HTTP) traffic.

  • The 6000 series focuses on multiprotocol signatures.

  • The 7000 series has the ARP signatures.

  • The 8000 series is string-matching signatures.

  • The 9000 series covers Back Doors.

  • The 10000 series has signatures that focus on policy enforcement.


472 times read

Related news
» Signature and Alarm Management Review
by alperen posted on Mar 20,2010
» Signature Series
by alperen posted on Mar 10,2010
» Signature Types
by alperen posted on Mar 10,2010
» Signature and Alarm Management Review Questions and Answers
by alperen posted on Mar 20,2010
» CIDS Signatures
by alperen posted on Mar 10,2010
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

admin

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.