Friday 22 January 2016

How to block P2P using IPS

How to block P2P using IPS: An IPS is an intelligent device that holds signatures describing traffic patterns, and it can recognize an application by matching those signatures against the contents of data packets.

What is P2P: Peer-to-peer (P2P) is a decentralized communications model in which each party has the same capabilities and either party can initiate a communication session. Unlike the client/server model, in which the client makes a service request and the server fulfills the request, the P2P network model allows each node to function as both a client and a server.
These applications use dynamic ports and IP addresses, so they cannot be blocked by an ACL that matches on IP address and port. They can be blocked by NBAR or by an IPS using signatures.

Configuration for IPS to block P2P:
Cisco has retired the P2P signatures, and a retired signature cannot take any action even if it is enabled in the configuration. So there are three steps:
1. Make the signature active (change it from retired to not retired).
2. Change the severity level from low to medium.
3. Choose the action the signature should take.

Configuration by Command line:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
service signature-definition sig0
signatures 5534 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5534 1
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5534 2
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5535 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5536 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5768 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5771 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 0
alert-severity medium
engine meta
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 1
alert-severity medium
engine service-generic
event-action deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 2
alert-severity medium
engine service-generic
event-action deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 3
alert-severity medium
engine service-generic
event-action deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 5806 4
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 7201 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 7202 0
alert-severity medium
engine service-p2p
event-action produce-alert
exit
status
enabled true
retired true
exit
exit
signatures 7203 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 7205 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
exit
signatures 11000 0
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11000 1
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11000 2
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11000 3
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11001 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11001 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11002 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11002 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11003 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11003 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11004 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11004 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11005 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11005 1
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11005 2
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11006 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11006 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11007 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11007 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 11008 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11008 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11009 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11009 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 11010 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11010 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11011 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11011 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11012 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11012 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11013 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11013 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11014 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11015 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11016 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11017 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11017 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 11018 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11018 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11019 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11019 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11020 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11020 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|log-attacker-packets|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11020 2
alert-severity medium
engine fixed-udp
event-action deny-attacker-victim-pair-inline|deny-packet-inline|log-attacker-packets|produce-alert
exit
status
enabled true
retired false
exit
exit
signatures 11020 3
alert-severity medium
engine fixed-udp
event-action deny-attacker-victim-pair-inline|deny-packet-inline|log-attacker-packets|produce-alert
exit
status
enabled true
retired false
exit
exit
signatures 11020 4
alert-severity medium
engine fixed-udp
event-action deny-attacker-victim-pair-inline|deny-packet-inline|log-attacker-packets|produce-alert
exit
status
enabled true
retired false
exit
exit
signatures 11020 5
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11021 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11022 0
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11022 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
retired false
exit
exit
signatures 11023 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11023 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
retired false
exit
exit
signatures 11024 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11025 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11026 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11027 0
alert-severity medium
engine string-udp
event-action produce-alert|deny-packet-inline|deny-attacker-victim-pair-inline
exit
status
retired false
exit
exit
signatures 11027 1
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
retired false
exit
exit
signatures 11028 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11029 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11030 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11031 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 11032 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 11033 0
alert-severity medium
engine service-p2p
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 15255 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 15574 0
alert-severity medium
engine fixed-tcp
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
exit
exit
signatures 15693 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 15693 1
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 16194 0
alert-severity medium
engine fixed-tcp
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
signatures 18183 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 18183 1
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 20360 0
alert-severity medium
engine string-tcp
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 20361 0
alert-severity medium
engine atomic-ip
event-action produce-alert|deny-connection-inline|deny-packet-inline|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 27560 0
alert-severity medium
engine service-http
event-action produce-alert|deny-connection-inline|deny-packet-inline|log-attacker-packets|reset-tcp-connection|deny-attacker-victim-pair-inline
exit
status
enabled true
retired false
exit
exit
signatures 30680 0
alert-severity medium
engine fixed-tcp
event-action deny-attacker-victim-pair-inline|deny-connection-inline|deny-packet-inline|produce-alert|reset-tcp-connection
exit
status
enabled true
retired false
exit
exit
exit
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
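As an added example (not part of the original post and not a Cisco tool), the Python script below parses a pasted signature-definition block in the format above and reports every signature that still fails one of the three steps: still retired, severity not medium, or an alert-only event-action (it also flags stanzas without an enabled line). The sample stanzas are constructed to mirror the page's format, including a retired signature and one with no status block; the signature numbers are reused from the page only as illustration.

```python
# Added example (not from the post): audit a pasted signature-definition
# block for the three steps described above. The parser is a minimal reading
# of the nested "keyword ... exit" CLI format, not a Cisco tool.

# Actions that drop or reset traffic; produce-alert alone only logs.
BLOCKING_ACTIONS = {"deny-connection-inline", "deny-packet-inline",
                    "deny-attacker-victim-pair-inline", "reset-tcp-connection"}

def parse_signature_definition(text):
    """Map (id, subsig) -> dict; enabled/retired stay None when the line is absent."""
    sigs, stack, cur = {}, [], None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts:
            continue                      # tolerate blank lines from copy/paste
        kw = parts[0]
        if kw == "signatures":
            cur = {"severity": None, "engine": None, "actions": set(),
                   "enabled": None, "retired": None}
            sigs[(int(parts[1]), int(parts[2]))] = cur
            stack.append(kw)
        elif kw in ("service", "engine", "status"):
            if kw == "engine":
                cur["engine"] = parts[1]
            stack.append(kw)              # each of these opens a sub-mode
        elif kw == "exit":
            stack.pop()                   # closes the innermost sub-mode
        elif kw == "alert-severity":
            cur["severity"] = parts[1]
        elif kw == "event-action":
            cur["actions"] = set(parts[1].split("|"))
        elif kw in ("enabled", "retired") and stack[-1] == "status":
            cur[kw] = parts[1] == "true"
    return sigs

def audit(sigs):
    """(id, subsig) -> reasons the signature will not block P2P."""
    findings = {}
    for key, s in sigs.items():
        problems = []
        if s["retired"] is not False:
            problems.append("retired (step 1 not done)")
        if s["severity"] != "medium":
            problems.append("severity not medium (step 2 not done)")
        if not s["actions"] & BLOCKING_ACTIONS:
            problems.append("alert-only event-action (step 3 not done)")
        if s["enabled"] is not True:
            problems.append("not enabled")
        if problems:
            findings[key] = problems
    return findings

# Constructed excerpt in the page's format: one complete stanza, one still
# retired with an alert-only action, and one with no status block at all.
SAMPLE = "\n".join([
    "service signature-definition sig0",
    "signatures 7201 0", "alert-severity medium", "engine service-p2p",
    "event-action deny-connection-inline|produce-alert", "exit",
    "status", "enabled true", "retired false", "exit", "exit",
    "signatures 7202 0", "alert-severity medium", "engine service-p2p",
    "event-action produce-alert", "exit", "status", "enabled true", "retired true", "exit", "exit",
    "signatures 7205 0", "alert-severity medium", "engine service-p2p",
    "event-action deny-packet-inline|produce-alert", "exit", "exit", "exit",
])
```

Run `audit(parse_signature_definition(SAMPLE))` against a block copied from `show configuration` to list the signatures that still need attention before the IPS will actually drop P2P traffic.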