LAB 4, IPS Section question says:
A custom signature 61000 is required on the Cisco IPS sensor as follows:
Trigger - Whenever it detects an OSPF Hello packets .
Action – Produce verbose Alert when OSPF Packet is detected
Alert-severity – High
I made a custom "Atomic IP" signature that triggers when it matches "Other Protocol -> 89"
Can anyone confirm if this is the right solution? Is there a way to be more specific and trigger only for HELLO packets and not for the entire protocol?