Posted on 2009-02-23
Last Modified: 2013-11-29
Dear Sir, I find IPS signatures very complex. How can I better understand these signatures in the simplest way? Could you please give me some sources explaining IDP/IPS? How different are they from viruses?
Question by:shoeb_fbd
    LVL 3

    Accepted Solution

    IDS / IPS signatures are used to mitigate viruses and vulnerabilities and in some cases to recognize malicious traffic / patterns. Unfortunately they are assembled and presented differently based on manufacturer, so a single guide does not exist. If you post the model / manufacturer of the system you are using, there may be a document. Below is a link that explains the basics.
    LVL 38

    Expert Comment

    by:Rich Rumble
    They all work about the same, snort is an easy one to get started with...
    Some rules are easy to write...
    Others are far more complex, and can span multiple packets and/or protocols... But it's easy to capture the traffic, and try to write one yourself, or even submit to a group who will look at the data. The sig linked above simply looks for the word fgdump.svc in a packet destined for the local network. There are quite a few different ways to make a sig, some better than others.
    Good short examples:
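
The kind of signature described in the comment above (a content match on `fgdump.svc` in traffic destined for the local network), sketched as an added example that is not part of the original thread and is not Snort's own code. The `Signature` class, the `HOME_NET` range, the rule text in the comment and all packets are constructed for illustration; it also shows why a per-packet, case-sensitive match is one of the weaker ways to write a sig.

```python
import ipaddress
from dataclasses import dataclass

# Constructed illustration of a Snort-style content rule, roughly:
#   alert tcp any any -> $HOME_NET any (msg:"fgdump service name seen";
#                                       content:"fgdump.svc"; nocase; sid:1000001;)
# HOME_NET and every packet below are made-up sample values.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")

@dataclass
class Signature:
    msg: str
    content: bytes
    dst_net: ipaddress.IPv4Network
    nocase: bool = False

    def matches(self, dst_ip: str, payload: bytes) -> bool:
        # Header check first: only traffic destined for the protected network.
        if ipaddress.ip_address(dst_ip) not in self.dst_net:
            return False
        # Payload check: plain byte-substring search, optionally case-insensitive.
        if self.nocase:
            return self.content.lower() in payload.lower()
        return self.content in payload

def alerts(sig, packets):
    """Return the indexes of the packets that trigger the signature."""
    return [i for i, (dst, data) in enumerate(packets) if sig.matches(dst, data)]

# Constructed sample traffic: (destination IP, payload bytes)
PACKETS = [
    ("192.168.1.20", b"...\\fgdump.svc\x00"),                 # 0: inbound, exact match
    ("192.168.1.20", b"...\\FGDump.SVC\x00"),                 # 1: inbound, different case
    ("203.0.113.9",  b"GET /tools/fgdump.svc HTTP/1.1\r\n"),  # 2: not destined for HOME_NET
    ("192.168.1.20", b"GET /index.html HTTP/1.1\r\n"),        # 3: unrelated traffic
    ("192.168.1.20", b"...\\fgdump"),                         # 4: string split across
    ("192.168.1.20", b".svc\x00"),                            # 5: two packets
]

strict = Signature("fgdump service name seen", b"fgdump.svc", HOME_NET)
loose = Signature("fgdump service name seen", b"fgdump.svc", HOME_NET, nocase=True)

if __name__ == "__main__":
    print("case-sensitive:", alerts(strict, PACKETS))
    print("nocase:        ", alerts(loose, PACKETS))
```

Neither variant fires on packets 4 and 5, which is why real sensors reassemble the stream before matching and why the more complex signatures mentioned above span multiple packets.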
