IPS Tech Tip - Evasions - TCP/IP examples and handling - Sig team presentation

Similar Messages

• Cisco IPS Tech Tips: Data Center Protections and Platforms

  Hello Cisco Community Forum Members;
  Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco   IPS internal operations using WebEx. This event requires registration.
  Topic: Cisco IPS Tech Tips - Data Center Protections and Platforms
  Host: Robert Albach
  Date and Time:
  Thursday, July 19, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=206048546&t=a&EA=ralbach%40cisco.com&ET=ade69a0aa29f279471b6a85feae46a71&ETR=5b39cf5f535442c1763f090845d7ddd3&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click   "Submit".
  Once the host approves your registration, you will receive a confirmation   email message with instructions on how to join the event.
  For assistance
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and   any documents and other materials exchanged or viewed during the session to   be recorded. By joining this session, you automatically consent to such   recordings. If you do not consent to the recording, discuss your concerns   with the meeting host prior to the start of the recording or do not join the   session. Please note that any such recordings may be subject to discovery in   the event of litigation.

  The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
  This one will be posted a few days after the event.
  -Robert

• IPS Tech Tip - "show tech" command part 2 - IPS dev team webinar

  Hi Folks,
  The IPS product management and development team would like to invite you to this 30-40 minute webinar followed by Q&A sessions. These will be recorded and put on this forum as well. We hope you can attend.
  -Robert
  Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
  Topic: Cisco IPS Tech Tips - show tech part 2
  Host: Robert Albach
  This month's Cisco IPS Tech Tip will continue December's show tech command discussion. The show tech command holds a wealth of information regarding your IPS's performance and status. Cisco IPS development team members will continue to talk about what all this information means to you and then answers your questions.
  Date and Time:
  January 27, 2011 10:00 am, Central Standard Time (Chicago, GMT-06:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=202882129&t=a&EA=ralbach%40cisco.com&ET=85576c2dbfd6dca4b756de40b6728a2b&ETR=5d7e40b0e38f564be0a8bd55114369fc&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click "Submit".
  Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.

  Sadly we did not get the recording done. The presentation and the example pcaps  however are on this forum now.
  -Robert

• IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services

  Hi Folks -
  Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
  Hope to see you there.
  -Robert
  Cisco invites you to attend a 30-45 minute Web seminar on IPS Best   Practices delivered via WebEx. This event requires registration.
  Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management   Services
  Host: Robert Albach
  Date and Time:
  Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago,   GMT-05:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click   "Submit".
  Once the host approves your registration, you will receive a confirmation   email message with instructions on how to join the event.
  For assistance
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and   any documents and other materials exchanged or viewed during the session to   be recorded. By joining this session, you automatically consent to such   recordings. If you do not consent to the recording, discuss your concerns   with the meeting host prior to the start of the recording or do not join the   session. Please note that any such recordings may be subject to discovery in   the event of litigation. If you wish to be excluded from these invitations   then please let me know!

  Hi Marvin, thanks for the quick reply.
  It appears that we don't have Anyconnect Essentials.
  Licensed features for this platform:
  Maximum Physical Interfaces       : Unlimited      perpetual
  Maximum VLANs                     : 100            perpetual
  Inside Hosts                      : Unlimited      perpetual
  Failover                          : Active/Active  perpetual
  VPN-DES                           : Enabled        perpetual
  VPN-3DES-AES                      : Enabled        perpetual
  Security Contexts                 : 2              perpetual
  GTP/GPRS                          : Disabled       perpetual
  AnyConnect Premium Peers          : 2              perpetual
  AnyConnect Essentials             : Disabled       perpetual
  Other VPN Peers                   : 250            perpetual
  Total VPN Peers                   : 250            perpetual
  Shared License                    : Disabled       perpetual
  AnyConnect for Mobile             : Disabled       perpetual
  AnyConnect for Cisco VPN Phone    : Disabled       perpetual
  Advanced Endpoint Assessment      : Disabled       perpetual
  UC Phone Proxy Sessions           : 2              perpetual
  Total UC Proxy Sessions           : 2              perpetual
  Botnet Traffic Filter             : Disabled       perpetual
  Intercompany Media Engine         : Disabled       perpetual
  This platform has an ASA 5510 Security Plus license.
  So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

• Cisco IPS Tech Tips - Protecting Industrial Environments - Nov. 20 2012

  Robert Albach invites you to attend a 30-45 minute Web seminar on protecting   Industrial Environments with Cisco IPS. This event requires registration.
  Topic: Cisco IPS Tech Tips - Protecting Industrial Environments
  Host: Robert Albach
  Date and Time:
  Tuesday, November 20, 2012 10:00 am, Central Standard Time (Chicago,   GMT-06:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=204100621&t=a&EA=ralbach%40cisco.com&ET=9a66f6e8f36ecbaab4ac37ed47bae5cf&ETR=c55c84ed345001203dd77689eca88777&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click   "Submit".
  Once the host approves your registration, you will receive a confirmation   email message with instructions on how to join the event.
  For assistance
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and   any documents and other materials exchanged or viewed during the session to   be recorded. By joining this session, you automatically consent to such   recordings. If you do not consent to the recording, discuss your concerns   with the meeting host prior to the start of the recording or do not join the   session. Please note that any such recordings may be subject to discovery in   the event of litigation.

• IPS Tech Tips - Introducing NGFW with IPS

  Robert Albach invites you to attend a 30-45 minute Web seminar on the Cisco new NGFW with IPS and its operations. This event requires registration.
  Topic: Cisco IPS Tech Tips - Introducing NGFW with IPS
  Host: Cisco Security Group
  Date and Time:
  Thursday, December 19, 2013 10:00 am, Central Standard Time (Chicago, GMT-06:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=207672622&t=a&EA=ralbach%40cisco.com&ET=5a30e5f0d7b86e89044459f4fac9065e&ETR=6d878102a33643d67bc6b9d3df08da27&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click "Submit".
  Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.

  The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
  This one will be posted a few days after the event.
  -Robert

• Cisco IPS Tech Tips: 2010 Dec 16 - show tech commands

  Robert Albach invites you to attend a Web seminar using WebEx. This event requires registration.
  IPS Tech Tips are monthly webinars lasting approximately 30 minutes with question and answer to follow. This month’s event will focus on the “show tech” command and its potential relevance to your IPS operation.
  Topic: Cisco IPS Tech Tip 2010 Dec 16 - Show Tech
  Host: Robert Albach
  Date and Time:
  December 16, 2010 10:00 am, Central Standard Time (Chicago, GMT-06:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=205452108&t=a&EA=ralbach%40cisco.com&ET=72ce549014a807001ae666a6d82dcc7c&ETR=6ff5ff3ebf442ab68017b906c9ead1a7&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click "Submit".
  Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
  For assistance
  You can contact Robert Albach at:
  [email protected]
  http://www.webex.com
  IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation.

  The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
  This one will be posted a few days after the event.
  -Robert

• Cisco IPS Tech Tips: 2010 Dec. 16 - Show Tech Part 1 Recording

  Hi Cisco IPS Users,
  I've attached the recording from our last Tech Tips regarding the "show tech" command. We hope that you will find this of value in the operation of your Cisco IPS.
  As always feel free to leave comments on the content or future subjects you would like to see us address.
  The continuation of this discussion will take place today (Jan 27th).
  Thanks,
  -Robert
  Robert Albach
  IPS Product Management
  [email protected]

  The recordings and the presentation slides are placed here on the Cisco Support Community. I think if you roll the threads back some you will see the prior month's Tech Tips (then called Tech Talks) posted.
  This one will be posted a few days after the event.
  -Robert

• Font is not smooth and clear,have some blur!?When I tipe in google for example...

  Font,when I tipe in google for example,is not clear and smooth but have some blur???

  I found the answer!
  Go in about:config and set the gfx.direct2d.disabled to True!
  Edit: Sorry, i didn't see that your problem is in 3.6, so i think this will not work!
  This answer that i've posted is to correct the blur on firefox 4.

• Tech Tip of the Week: Syncing Distribution Groups in Office 365

  Having trouble getting your distribution groups to sync when migrating to Office 365?
  We recently worked with a customer who had over 300 distribution groups that were not syncing to Office 365. Upon review, we noticed that the distribution groups did not have a Display Name.
  Here are the steps we took in order to resolve the problem:
  1. Open ADUC “Active Directory Users and Computers “On the top menu click on view and select Advanced Features.
  2. Find the Distribution List that is not syncing to your Office 365 tenant > right click the Distribution List > select Properties > click on the attribute editor tab.
  3. There are a couple attributes that must be filled out in order  for it to Synchronize to Office 365.
  Attributes: mail,
  displayName – if they do not have any data, fill it in. Once completed click ok.
  4. Open the MIISClient. This is located on your DIRSYNC Server. The default path is: “C:\Program Files\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell\miisclient.exe”
  5. Click on Metaverse Search > input the following:
  Attribute: Mail
  Operator: Contains
  Value: 
  “Email Address of the DG”
  6. Once filled in click on search > double click the search results > click on the connectors tab. Note: If
  you only see SourceAD Management Agent, perform the following:
  7. Click on Management Agents > Right click SourceAD > click on Run > click on Full Import Stage Only > click on ok.
  8. Right click SourceAD > click on run > click on Full Sync > click on ok.
  9. Right click TargetWebService > click on Run > click on Full Confirming Import Stage > click on ok.
  10. Right click TargetWebService > click on Run > click on Full Confirming Sync > click on ok.
  11. Right click TargetWebService > click on Run > click on Export > click on ok.
  We hope you found this week’s Tech Tip useful! Do you have a problem you want us to solve in our Tech Tip of the week series? Let us know!

  Check to see that your remote session is still active, using Get-PSSession.

• TCP architecture advice and suggestions

  Hello All,
  Just trying to come up with some ideas for architecture implementation.  I am needing to communicate to multiple cRIO modules and typical use TCP in the past to communicate with each cRIO module.  I now have the problem of having multiple cRIO modules running and I want to be able to split the command set into generic and specific commands.  i.e a Generic command is received and handled in the same way for each cRIO chassis from the host controlling PC.  This allows me to have a generic type def command set and several specific type def command sets within a project.  I was hoping to use a poly on the cRIO side (and the host) in order to adapt to which command set it has received and use a different state machine (Which will all be similar) depending on which type def command it has received.  This should avoid me having one large type def CMD enum which contains all of the generic commands, all the commands for cRIO A, all the commands for cRIO B etc.
  Essentially I know this isn't going to work but is there any other ways of doing this?  Is this touching on the realms of dynamic dispatch by selecting which vi is run at runtime? Is it time to bite the bullet and use classes? Etc etc
  If anyone can shed some light it would be appreciated.
  I have thought of workarounds but that is not what I am after really, just if there is a way of doing it properly and if so where to go read up next.
  Many Thanks in advance
  Craig
  LabVIEW 2012
  Attachments:
  Example Problem.png ‏27 KB

  Hi Craig,
  If it was me building this program I would go down the dynamic dispatch/ classes route as it will allow the architecture to be very scalable as the system needs to expand.  I think any other method of implimenting this will have limitations which can be avoided by using the dynamic dispatch/ classes design. 
  In terms or where to read up on this and how to get started ni.com has a lot of documentation on this subject a simple search will find many results but I have included a few below that may help to get you started.
  If you have any more questions then please feel free to post back an I will be happy to help you further.
  Intro to LVOOP
  What the Heck is OOP
  Best Regards
  Matt Surridge
  National Instruments

• FAQ: Tips/Fixs for clicks, pops and glitches in sound ca

  I have come across this little article from the internet while surfing and thought it could be of some use posting it here. Follow the link below.
  Tips/Fixs for clicks, pops and glitches in sound card
  If after following the tips on this page you are still having troubles, then contact support or wait for other peers in the forum for further advise and suggestion.
  This particular phrase that's quoted from the article which is very true.
  "This is a HUGE topic and I have come across it many times. The hardest thing to do in tech support is to explain to someone that the fault is not to do with the audio card, but instead with the way the computer is setup or the fault of components in their system. Pcs are built to a budget and parts do suffer because of this."

  I know this stuff is 3 months old but I just got mine and hadn't yet used the pin function so now I know.
  I hope you are right Nancy that it will have updates, but I really doubt it. This is the norm for Microsoft when stuff they put out bombs. Dish Network had a DVR receiver many years ago that had Microsoft software installed and it was buggy to say the least. They updated it a few times but then abandon it. For a few years Microsoft wouldn't release the code to Dish Network to allow DN to fix the bugs. It was a real "Hate Microsoft" time for those users. DN had to put out their own coded DVR receivers and let the Microsoft ones die.
  I think VZ made a deal with MS and removed the stuff MS wasn't supporting. Then VZ put them out without needing a data package to unload them.

• IPS Tech Talk -Global Correlation

  Robert Albach of the Cisco IPS Team invites you to attend a Web seminar using WebEx. This event requires registration.
  The event is a 30 minute webinar on Global Correlation - its operation and how it works with your Cisco IPS. Following the presentation there will be Question and Answer period with members of the IPS development team.
  Topic: Cisco IPS Tech Talk 2010 Nov 18
  Host: Robert Albach
  Date and Time:
  November 18, 2010 10:00 am, Central Standard Time (Chicago, GMT-06:00)
  To register for the online event
  1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=204029379&t=a&EA=ralbach%40cisco.com&ET=6511931d5b5055f2311dc9824532002a&ETR=2c3560b429c7cfc0c2553092a899c175&RT=MiM3&p
  2. Click "Register".
  3. On the registration form, enter your information and then click "Submit".
  Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
  For assistance
  You can contact Robert Albach at:
  [email protected]

  Will this event be available for viewing later?  10am CST is about 1am here in Korea, so I don't think I'll be able to attend live.

• Tech Tip of the Week: Windows Powershell CMDlets

  This week’s tech tip is for all you Windows PowerShell users.If you’re using PowerShell,  you may already know about CMDlets. If not, this post is sure to excite you, as CMDlets (pronounced “command-let”) are nifty commands that will ease the process of using
  Powershell. 
  Here are 5 CMDlets to get you started:
  1. Get-Recipient | Where {$_.EmailAddresses –match “[email protected]”}
  This CMDlet will find an email address that is inside of the quotes.
  2. (Get-Mailbox) | ForEach {Set-Mailbox $_.Identity –RetentionPolicy “Contoso-Policy”}
  This CMDlet applies a single retention policy to all users.
  3. Get-MSOLUser | Set-MSOLUser –PasswordNeverExpires $true
  This sets all users passwords to never expire (Requires Azure Module)
  4. (Get-Recipient) | ForEach {Add-RecipientPermission –identity $_.PrimarySMTPAddress –trustee [email protected] –AccessRights SendAs –Confirm:$Y}
  This gives a single mailbox SendAs rights to all other recipients (groups, mailboxes, external contacts).
  5. (Get-Mailbox) | ForEach {Enable-Mailbox –identity $_.PrimarySMTPAddress –Archive}
  This CMdlet turns on archiving for all mailboxes
  Try out these CMDlets and let us know what you think!

  This week’s tech tip is for all you Windows PowerShell users.If you’re using PowerShell,  you may already know about CMDlets. If not, this post is sure to excite you, as CMDlets (pronounced “command-let”) are nifty commands that will ease the process of using
  Powershell. 
  Here are 5 CMDlets to get you started:
  1. Get-Recipient | Where {$_.EmailAddresses –match “[email protected]”}
  This CMDlet will find an email address that is inside of the quotes.
  2. (Get-Mailbox) | ForEach {Set-Mailbox $_.Identity –RetentionPolicy “Contoso-Policy”}
  This CMDlet applies a single retention policy to all users.
  3. Get-MSOLUser | Set-MSOLUser –PasswordNeverExpires $true
  This sets all users passwords to never expire (Requires Azure Module)
  4. (Get-Recipient) | ForEach {Add-RecipientPermission –identity $_.PrimarySMTPAddress –trustee [email protected] –AccessRights SendAs –Confirm:$Y}
  This gives a single mailbox SendAs rights to all other recipients (groups, mailboxes, external contacts).
  5. (Get-Mailbox) | ForEach {Enable-Mailbox –identity $_.PrimarySMTPAddress –Archive}
  This CMdlet turns on archiving for all mailboxes
  Try out these CMDlets and let us know what you think!

• What is tcp-keepalives-in and tcp-keepalives-out

  Can anyone help me out by telling the both things and the differences between
  tcp-keepalives-in and tcp-keepalives-out
  Thanks
  Irshad

  Irshad,
  If you have already not read this link...
  http://www.cisco.com/en/US/tech/tk801/tk36/technologies_tech_note09186a00801365f3.shtml