Monday, October 8, 2018

Cisco 3945 Custom IPS Signatures

I have a Cisco 3945 running IOS 15.4 with IPS capabilities, and I'm trying to figure out the best way to create some custom signatures.

What I want to do is temporarily block (say for 10 min) traffic from a network if the number of incoming TCP connections from that network exceeds 30/min.

Where I'm at is that I've been reading the CLI guide linked below, which so far has been a good resource, but definitely a bit overwhelming, and I was wondering if anyone could provide an example, or recommend any good resources that might have some examples? Or even confirm what I want to do is possible on my device?

https://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_signature_definitions.html

Thanks in advance for any comments / recommendations.



at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)