Skip navigation
Cisco Learning Home > Certifications > Security > IPS Specialist > Discussions


2495 Views 1 Reply Latest reply: Oct 1, 2010 2:22 AM by Kashif RSS

Currently Being Moderated

IPS Signature Question

Jul 24, 2010 6:21 PM

 IOScertsGoneMad  105 posts since
Apr 30, 2010

          Hello all,

So I understand the premise of the .sdf file of what its doing, and the 3 different options to load, attack-drop.sdf, 128MB.sdf, or 256MB.sdf.


But what I'm not sure about, is this signature like what the other AV vendors use? If so, why isn't there a feature to update the signatures on a daily basis?


So I would think with the rate threats are emerging, my sdf files I got 1 year ago are way out of date and would not work for any current viruses in the wild.




  • Kashif 2 posts since
    May 5, 2009
    Currently Being Moderated
    1. Oct 1, 2010 2:22 AM (in response to IOScertsGoneMad)
    Re: IPS Signature Question

    Hi Guys ,


    A quick Questions ,


    On 14 Sepetmebr Microsoft Announced a vulnerability in MS Print spooler Service and Cisco Released a IPS Signature for that


    29459.0   Microsoft Windows Print spooler Design Flaw     advanced  Vulnerability


    I see thousand of signatures being triggered in my IME console (I think it is probably due to the way we share Printers), couple of days later cisco Retired that signature.


    I want to know that Vulnerability still exists , and My servers team is struggeling to sort out that MS patch , Because they installed it and Server crashed ,


    Should i enable the signature , would it still be able to track any suspecious packet  or not as Cisco says it is Retired in 23rd September bulliten.


    Why cisco retire Signature ?


    When it is not in use.

    When it is old (whihs is not the case in My situation)

    Or Cisco assume that Every one have patched by now.



    Thanks in Advance for you time and advice.




    Kashif Iqbal


More Like This

  • Retrieving data ...

Bookmarked By (0)