Filter 6551 (TCP) and 8268 (UDP) where created with the explicit purpose of providing security administrators a way to test the functionality if the Intrusion Prevention System (IPS) devices. This filters detect a specific string of random text sent through the IPS device. This random text is very unlikely to occur in normal traffic, and thus provides the TippingPoint administrator with a way to 'monitor' the IPS by generating an alert each time this string is sent through the device.
The string which is sent through the device is below. Please note this string has been chopped in half to avoid inadvertently firing this filter, you must remove the whitespace in the middle of this string before sending it through the device. After removing all whitespace, the resulting string should be 96 bytes in length. Please direct the TCP stream to a destination port other than port 80.
h53y0zG5x:Z7ygdX#zzh2xO;A4XHdwVG5OysSp:6mjsn pYLQnEMZqJMipFjYS#6JkSmXR2:2chYFalNGxjF1n:9JDGdIPxP7
To enable the test, copy the string to a text file and move this text file across the IPS. Please use SMB or FTP as email encodes the string and set the filter to "Permit + Notify".
Note: Filters are disabled by default.
