Understanding Cisco IDS Signature Series
Now we are going to discuss each of the signatures. I have taken the time to separate them into the numbered series. The signatures range from 1000 all the way into the 11000s. Besides numerically ordering the signatures, the series number represents another type of grouping. The series help the administrator narrow down what type of attack is generating the alarms. Are they atomic? Is the attack a string, sweep, or web site exploit? Although the numbers do cover multiple signature types, they help the administrator narrow down his search.
The following list gives a brief description of each signature series.
The 1000 series covers the signatures that examine the content of IP headers.
The 2000 series focuses on ICMP signatures.
The 3000 series is all about TCP-based signatures.
The 4000 series is all about UDP connections and ports on the network.
The 5000 series is apparently the largest. It covers web (HTTP) traffic.
The 6000 series focuses on multiprotocol signatures.
The 7000 series has the ARP signatures.
The 8000 series is string-matching signatures.
The 9000 series covers Back Doors.
The 10000 series has signatures that focus on policy enforcement.