Which of the following signatures was created by an IPS adminisrator using the custom signature creation capability of IPS?
A.
2000 – ICMP Echo Reply
B.
3050 – Half-open SYN attack
C.
12000 – Gator Spyware Beacon
D.
9000 – TCP Backdoor Probe.
E.
6000- BitTorrent File Download.
Explanation:
Signatures
Cisco IPS prevents intrusion by comparing traffic against the signatures of known attacks. Cisco IOS images that support Cisco IPS have built-in signatures that Cisco IPS can use, and you can also have Cisco IPS import signatures for the router to use when examining traffic. Imported signatures are stored in a signature definition file (SDF). This window lets you view the configured Cisco IPS signatures on the router. You can add customized signatures, or import signatures from SDFs downloaded from Cisco.com. You can also edit, delete, enable, and disable signatures.
Cisco IPS is shipped with an SDF that contains signatures that your router can accommodate. To learn more about the SDF shipped with Cisco IPS, and how to have Cisco IPS use it, click IPS- Supplied Signature Definition Files.
Adding a 5.x Custom Signature By Using the Signature Wizard You can create custom signatures using the Signature Wizard. The Signature Wizard creates custom signatures at the device level, not at the group level.
To use the Signature Wizard, follow these steps:
Step 1 Select Configuration > Settings.
Step 2 In the TOC, click the Object Selector handle.
Step 3 In the Object Selector, select the 5.x sensor for which you want to create a custom signature.
Step 4 In the TOC, select Signature Wizard > IPS 5.x.
The Signature Wizard welcome page appears.
Step 5 Click Start the Wizard.
a. Select either Engine Type or Protocol Type as the type of signature you want to create.
The Select Engine drop-down list appears.
Enter the signature name in the Signature Name field and then click Next>.
The Alert Response page appears.d.
f.
Select the action or actions that should be taken from the Event Action list. Then click Next>.
You can press and hold the Ctrl key while selecting, to select more than one Event Action from the
The Summary page appears.
h.Click Finish>.
The system displays a message that notifies you that the signature has been succesfully created.
j.Verify that the new custom signature has been specified correctly:
a.In the TOC, select Signatures.
c.In the Select Group list box, select Custom.
e. Confirm the appearance of the new custom signature in the list, which signifies that it was added.
