Hi,
While studying the IPS ATC video v3 from INE, I followed the instructions to configure a custom signature for when the "delete flash" command is issued in Telnet. But nothing happened. Earlier, I tried the ICMP response alert from the video and I saw the alert generated for it. So the SPAN part should be working.
I took a sniffer trace for Telnet from IPS monitoring and did see Telnet traffic hit the IPS. But since Telnet is in raw mode (per-character transmit), I'm not sure if that is the reason it did not trigger the alert in the IPS. Do we need to make the Telnet session be in line mode (per-line transmit) to trigger it?
Sort of stuck here. Any help will be great.