Cisco Systems IPS 7.1 Home Security System User Manual


  Open as PDF
of 1042
 
9-7
Cisco Intrusion Prevention System CLI Sensor Configuration Guide for IPS 7.1
OL-19892-01
Chapter 9 Configuring Anomaly Detection
Anomaly Detection Signatures
Table 9-1 lists the anomaly detection worm signatures.
Table 9-1 Anomaly Detection Worm Signatures
Signature ID Subsignature ID Name Description
13000 0 Internal TCP Scanner Identified a single scanner over a TCP
protocol in the internal zone.
13000 1 Internal TCP Scanner Identified a worm attack over a TCP
protocol in the internal zone; the TCP
histogram threshold was crossed and a
scanner over a TCP protocol was
identified.
13001 0 Internal UDP Scanner Identified a single scanner over a UDP
protocol in the internal zone.
13001 1 Internal UDP Scanner Identified a worm attack over a UDP
protocol in the internal zone; the UDP
histogram threshold was crossed and a
scanner over a UDP protocol was
identified.
13002 0 Internal Other Scanner Identified a single scanner over an Other
protocol in the internal zone.
13002 1 Internal Other Scanner Identified a worm attack over an Other
protocol in the internal zone; the Other
histogram threshold was crossed and a
scanner over an Other protocol was
identified.
13003 0 External TCP Scanner Identified a single scanner over a TCP
protocol in the external zone.
13003 1 External TCP Scanner Identified a worm attack over a TCP
protocol in the external zone; the TCP
histogram threshold was crossed and a
scanner over a TCP protocol was
identified.
13004 0 External UDP Scanner Identified a single scanner over a UDP
protocol in the external zone.
13004 1 External UDP Scanner Identified a worm attack over a UDP
protocol in the external zone; the UDP
histogram threshold was crossed and a
scanner over a UDP protocol was
identified.
13005 0 External Other Scanner Identified a single scanner over an Other
protocol in the external zone.
13005 1 External Other Scanner Identified a worm attack over an Other
protocol in the external zone; the Other
histogram threshold was crossed and a
scanner over an Other protocol was
identified.
 previous next