Cisco Cisco IPS 4255 Sensor
34
Release Notes for Cisco Intrusion Prevention System 6.1(1)E1
OL-17173-01
Caveats
•
CSCso21050—Frequent error generation - SigEventList not empty
•
CSCsm70361—service external-product-interface config not carried forward on upgrade
•
CSCsk84825—Non-printable character in event XML causes cascading events
•
CSCsk09025—idsm2 interface Operational Mode: down after reload from switch
•
CSCsj75538—Auto Update - not pulling platform specific patch
•
CSCsj18246—Event variables not tagged with the smallest locality
•
CSCsi10476—cidsAlertProtocol missing from SNMP Traps
•
CSCsg21826—CISCO-CIDS-MIB v3.5 does not have denyPacket and blockHost defined
•
CSCsj68881—Auto update settings won't save correctly in IDM.
•
CSCsi96099—Borealis - IDM/webserver - 2 unknown failed control transactions
Known Caveats
The following known issues are found in Cisco IPS 6.1(1)E1:
•
CSCso96079—META alarms may have the wrong risk ratings
•
CSCso85697—crazy traffic inline causes failure in updateProtocolState
•
CSCso78274—ASA/SSM False Failover
•
CSCso74628—Attack mis-counts seen with promiscuous mode (moderate traffic)
•
CSCso60709—Flood net Engine Sigs 69xx are not firing in promiscuous mode
•
CSCso49304—IPS - Large KB Thresholds represented as negatives
•
CSCso45473—Analysis Engine terminated prematurely
•
CSCso28141—Wrong attack context data captured
•
CSCso20750—modify-packet-inline computing incorrect checksum
•
CSCso15103—4260 w/ Rev. 8 or 9 4x1Gb NIC may enter HW bypass on engine update
•
CSCso09813—Missing victim context data in sig 5081
•
CSCso02370—CPU and Load periodically revert to 0
•
CSCsm90428—string-tcp alert contains incorrect data in 'from target' context
•
CSCsm72321—AIP module get stuck in high cpu due to mainApp infinite loop
•
CSCsm46158—Critical memory condition can cause race condition
•
CSCsm24466—Jumbo frames on XL interface can cause dropped packets
•
CSCsl69776—AD is not generating an alert for every worm attacker
•
CSCsl66235—Setup errors after defaulting sensor config via IDM
•
CSCsk53813—upgrade log files are not preserved during an upgrade
•
CSCsj83029—CRAZYHAWK:sig 1308_0 not firing on fragroute tcp_chaff TTL attack
•
CSCsj82458—global-block-timeout allows values outside supported range
•
CSCsj80889—IP frags subjected to modify-packet-inline have been re-fragmented
•
CSCsj78809—IPS 6.0(3) SigProcessor failure with reinjected frag
•
CSCsj70643—Normalizer signatures not modifying-packet-inline