Cisco IPS 4255 Sensor
Release Notes for Cisco Intrusion Prevention System 5.1(8)E3
OL-20155-01
New and Changed Information
Note
If you are using these tools to monitor 5.1(8)E3 sensors, add the sensors to the configuration
as if they were 4.1 sensors. You cannot view the new fields in 5.1(8)E3 alerts in these alarm
viewers until they have been upgraded to accommodate the new fields in 5.1(8)E3. Security
Monitor 2.1 is being upgraded to display the fields in 5.1(8)E3 alerts.
Note
Viewers that are already configured to monitor the 4.x sensors may need to be configured to
accept a new SSL certificate for the 5.1(8)E3 sensors.
For More Information
For the procedure for configuring a new SSL certificate, for the CLI, refer to
, and for
.
New and Changed Information
Cisco IPS 5.1(8)E3 includes the E3 signature engine update and the S365 signature update. The S365
signature update is built into the E3 engine update. You cannot download S365 separately.
• Signature date and type
The signature date is the date on which the signature was first created. The date is stored in
the format YYYYMMDD. The signature type represents the category in which a specific signature
falls. Signatures are broadly classified as vulnerability, exploit, anomaly, component, or other. The
default is other.
• Duplicate packet detector statistics
Duplicate packet statistics are now added to the TCP Normalizer Stage Statistics section of the show
statistics virtual sensor command output. Large numbers of duplicate packets being reported by
the Normalizer can aid in the detection of sensor deployment and configuration problems. Duplicate
packets are often seen in situations where a single virtual sensor is monitoring two or more
networks, and is seeing a TCP connection crossing two or more of these networks. In this situation
you can reconfigure the sensor to monitor each network using a different virtual sensor. If both
networks must be monitored by a single virtual sensor, configure the virtual sensor with the
inline-TCP-session-tracking-mode parameter set to either interface-and-vlan or vlan-only.
• UDP length parameter in Atomic engines
A new parameter that matches a specific UDP length was added to the Atomic IP Advanced and
Atomic IP engines for l4-protocol UDP. Its purpose is to check whether the UDP total length
falls within a specific range.
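The duplicate packet situation described in the list above, modeled as an added example (not Cisco code and not part of the release notes): one TCP connection is captured at two points by the same virtual sensor, and the duplicate count is compared per session tracking mode. The segment values, the `tuple-only` mode name, and the session-key composition for each mode are assumptions inferred from the mode names.

```python
from collections import defaultdict, namedtuple

# One captured TCP segment, tagged with where the sensor saw it.
Seg = namedtuple("Seg", "iface vlan src sport dst dport seq length")

def capture(taps):
    """Constructed sample: three segments of one connection, each seen
    once per (interface, VLAN) tap that the virtual sensor monitors."""
    return [Seg(iface, vlan, "10.0.1.5", 40000, "10.0.2.9", 80, seq, 100)
            for seq in (1000, 1100, 1200)
            for iface, vlan in taps]

def session_key(seg, mode):
    """Session key under each tracking mode (composition is an assumption)."""
    flow = (seg.src, seg.sport, seg.dst, seg.dport)
    if mode == "interface-and-vlan":
        return (seg.iface, seg.vlan) + flow
    if mode == "vlan-only":
        return (seg.vlan,) + flow
    if mode == "tuple-only":  # constructed name: no interface or VLAN in key
        return flow
    raise ValueError(f"unknown tracking mode: {mode}")

def count_duplicates(segs, mode):
    """Count segments whose (seq, length) already appeared in their session."""
    seen = defaultdict(set)
    dups = 0
    for seg in segs:
        span = (seg.seq, seg.length)
        key = session_key(seg, mode)
        if span in seen[key]:
            dups += 1
        seen[key].add(span)
    return dups

def compare_modes(taps):
    """Duplicate count per tracking mode for the same capture."""
    segs = capture(taps)
    return {m: count_duplicates(segs, m)
            for m in ("tuple-only", "vlan-only", "interface-and-vlan")}

if __name__ == "__main__":
    # Same connection crossing VLAN 10 and VLAN 20 on one interface.
    print(compare_modes([("ge0/0", 10), ("ge0/0", 20)]))
    # Same VLAN seen on two interfaces: only interface-and-vlan separates it.
    print(compare_modes([("ge0/0", 10), ("ge0/1", 10)]))
```

In this model, a duplicate count that drops to zero once the VLAN or interface is part of the session key indicates that the duplicates come from the deployment, not from retransmissions on the wire.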
Cisco Security Intelligence Operations
The Cisco Security Intelligence Operations site on Cisco.com provides intelligence reports about current
vulnerabilities and security threats. It also has reports on other security topics that help you protect your
network and deploy your security systems to reduce organizational risk.
You should be aware of the most recent security threats so that you can most effectively secure and
manage your network. Cisco Security Intelligence Operations contains the top ten intelligence reports
listed by date, severity, urgency, and whether there is a new signature available to deal with the threat.