Release Note for the Cisco Traffic Anomaly Detector Module (Software Version 5.0(x))


Release Note for the Cisco Traffic Anomaly Detector Module


July 31, 2006


Note: The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.


Contents

This release note applies to software versions 5.0(1) and 5.0(3) for the Cisco Traffic Anomaly Detector Module (Detector module). The Cisco Catalyst 6500 Series Switch and the 7600 Series Router support the Detector module.

The Catalyst 6500 requires IOS 12.2(18)SXD3 or later and a SUP720 or a SUP2 with an MSFC2 to support the Detector module.

The 7600 Series Router requires IOS 12.2(18)SXE or later and a SUP720 to support the Detector module.

This release note contains the following sections:

New Features in Software Version 5.0(1)

Maximum Number of Modules Supported in a Catalyst 6500 Chassis

Operating Considerations

Software Version 5.0(x) Open Caveats

Software Version 5.0(3) Resolved Caveats

Related Documentation

Obtaining Documentation, Obtaining Support, and Security Guidelines

New Features in Software Version 5.0(1)

The following new features are available in software version 5.0(1):

24x7 Protection and Learning

Simultaneous detection and learning

Detector learns for Guard

New handling of snapshots

New Detector-to-Guard communication protocols

Traffic Analysis

DDoS-optimized peace vs. attack traffic analyzer

Signature Extraction

Content-based filter

New activation interfaces

Protect by IP

Protect by packet

New handling of sub-zones

Internal improvements to DNS anti-spoofing mechanism

No reload required on most network reconfigurations

Improved hard drive failure handling

Worm Detection (TCP policies only)

Improved attack start and stop timing

Handling of new attack sub-types

Secure FTP support for various file exports

Maximum Number of Modules Supported in a Catalyst 6500 Chassis

The Catalyst 6500 9-slot chassis supports a combined maximum of eight Anomaly Guard modules and Traffic Anomaly Detector modules. You can install a maximum of eight Guard modules or a maximum of four Detector modules in a single chassis in any combination for a total of eight modules.

A Catalyst 6500 13-slot chassis supports a combined maximum of 10 Anomaly Guard modules and Traffic Anomaly Detector modules. You can install a maximum of eight Guard modules or a maximum of four Detector modules in a single chassis in any combination for a total of 10 modules.

Operating Considerations

The following operating considerations apply to the Cisco Traffic Anomaly Detector Module.

Caution when upgrading the software - Do not press Ctrl-C during the upgrade process or the upgrade may fail.

The copy ftp command only supports active mode.

Software Version 5.0(x) Open Caveats

The following caveats are open in software version 5.0(x):

CSCsb05557 - Remote activation and sync processes from a Detector module to a Guard module do not function when the Detector module is located behind a device that is performing Network Address Translation (NAT). Workaround: Reconfigure the network configuration to disable NAT.

CSCsb20206 - The Web-Based Manager (WBM) remains unresponsive while the pop-up window waits for results from the signature generation process. Even if you close the pop-up window manually, the WBM remains unresponsive while signature generation is in progress. Workaround: Wait until the pop-up window receives a result, or issue the no service wbm command.

CSCsb29077 - IP addresses to the threshold list of a policy results in wrong IP addresses in the list. Workaround: Only use the CLI to add IP addresses to a threshold list.

CSCsb29083 - packet dumps in different zones. Workaround: Assign unique names to manual packet dumps.

Software Version 5.0(3) Resolved Caveats

The following caveats were resolved in software version 5.0(3):

CSCsb46255 - The Detector module may erroneously report millions of concurrent connections.

CSCsb50696 - The Detector module uses the root username when importing configurations using SFTP.

CSCsb55055 - The Detector module does not properly upgrade zones that contain a hyphen ( - ) or a period ( . ) in the zone name.

Related Documentation

The following documentation is available for the Cisco Traffic Anomaly Detector Module:

Cisco Anomaly Guard Module and Traffic Anomaly Detector Module Installation Note

Cisco Traffic Anomaly Detector Module Configuration Guide

Cisco Traffic Anomaly Detector Module Web-Based Manager Configuration Guide

Obtaining Documentation, Obtaining Support, and Security Guidelines

For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html