Cisco Cisco IPS 4255 Sensor
6
Release Notes for Cisco Intrusion Prevention System 6.2(2)E4
OL-21670-01
MySDN Decommissioned
AIP SSM-40. Medium memory retired platforms have at least 1 GB and less than 4 GB of maximum
sensor memory, and include the following sensors: IDSM2, IPS 4240, IPS 4255, IPS 4260, and IPS
4270-20. Platforms with 4GB and higher maximum sensor memory are considered high memory
platforms. As the signatures are loaded, the value of retired is evaluated based on the platform
loading the signatures.
sensor memory, and include the following sensors: IDSM2, IPS 4240, IPS 4255, IPS 4260, and IPS
4270-20. Platforms with 4GB and higher maximum sensor memory are considered high memory
platforms. As the signatures are loaded, the value of retired is evaluated based on the platform
loading the signatures.
The Retired parameter has the following new options:
•
True—Retired on all platforms.
•
Medium Memory Retired—Signature is retired on all medium and low memory platforms.
•
Low Memory Retired—Signature is retired on low memory platforms.
•
False—Signature is not retired on any platform.
•
Three new String engines that provide support for future IPS hardware and software
releases—String ICMP XL, String TCP XL, and String UDP XL.
releases—String ICMP XL, String TCP XL, and String UDP XL.
These signature engines provide optimized operation for new hardware and are not operational in
the E4 update. If you try to use them, you will receive an error message.
the E4 update. If you try to use them, you will receive an error message.
•
Signature definition support for three new IOS IPS engines—Service FTP V2, Service HTTP V2,
and Service SMTP V1.
and Service SMTP V1.
These signature engines provide a protocol decode engine tuned for IOS IPS. If you try to use these
engines, you receive an error message.
engines, you receive an error message.
•
The Service DNS engine has been enhanced to provide domain name matching.
A new parameter, FQDN (Fully Qualified Domain Name) has been added in the Specify Block
parameter to enable this capability. FQDN matching uses a case insensitive substring matching
algorithm instead of regular expressions. Because it matches on substrings, you must take care in
constructing the FQDN parameter.
parameter to enable this capability. FQDN matching uses a case insensitive substring matching
algorithm instead of regular expressions. Because it matches on substrings, you must take care in
constructing the FQDN parameter.
For example, an FQDN parameter of “cisco.com” will match any domain name lookup for
computers in the “cisco.com” domain, but it will also match the “sanfrancisco.com” domain as well.
Including the “.” as in “.cisco.com” will eliminate the obvious false positive, but remember that the
shorter the FQDN string, the higher the likelihood of a false positive. You can write a simple
signature as a custom signature in the Service DNS engine by setting the protocol to UDP, setting
FQDN to yes, and then setting the FQDN string to cisco.com.
computers in the “cisco.com” domain, but it will also match the “sanfrancisco.com” domain as well.
Including the “.” as in “.cisco.com” will eliminate the obvious false positive, but remember that the
shorter the FQDN string, the higher the likelihood of a false positive. You can write a simple
signature as a custom signature in the Service DNS engine by setting the protocol to UDP, setting
FQDN to yes, and then setting the FQDN string to cisco.com.
Caution
The FQDN match is performed on DNS queries for “A records” (DNS Type 1 query) only. DNS
responses are not matched, nor are other types of queries, such as MX records.
responses are not matched, nor are other types of queries, such as MX records.
•
The P2P inspection engine has been enhanced to detect the Share P2P software popular in Japan.
For More Information
•
For detailed information on the Service HTTP engine, refer to
•
For detailed information on the Meta engine, refer to
MySDN Decommissioned
Because MySDN has been decommissioned, the URL in older versions of IDM and IME is no longer
functional. If you are using IPS 6.0 or later, we recommend that you upgrade your version of IDM and
IME.
functional. If you are using IPS 6.0 or later, we recommend that you upgrade your version of IDM and
IME.