Table Of Contents
Release Note for the Cisco Traffic Anomaly Detector Appliance
Contents
New Features in Software Version 5.0(1)
Operating Considerations
Software Version 5.0(x) Open Caveats
Software Version 5.0(3) Resolved Caveats
Related Documentation
Obtaining Documentation, Obtaining Support, and Security Guidelines
Release Note for the Cisco Traffic Anomaly Detector Appliance
July 31, 2006
Note 
The most current Cisco documentation for released products is also available on Cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were released.
Contents
This release note applies to software versions 5.0(1) and 5.0(3) for the Cisco Traffic Anomaly Detector appliance (Detector). This release note contains the following sections:
•New Features in Software Version 5.0(1)
•Operating Considerations
•Software Version 5.0(x) Open Caveats
•Software Version 5.0(3) Resolved Caveats
•Related Documentation
•Obtaining Documentation, Obtaining Support, and Security Guidelines
New Features in Software Version 5.0(1)
The following new features are available in software version 5.0(1):
•24x7 Protection and Learning
–Simultaneous detection and learning
–Detector learns for Guard
–New handling of snapshots
–New Detector-to-Guard communication protocols
•Traffic Analysis
–DDoS-optimized peace vs. attack traffic analyzer
•Signature Extraction
•Content-based filter
•New activation interfaces
–Protect by IP
–Protect by packet
–New handling of sub-zones
•Internal improvements to DNS anti-spoofing mechanism
•No reload required on most network reconfigurations
•Improved hard drive failure handling
•Worm Detection (TCP policies only)
•Improved attack start and stop timing
•Handling of new attack sub-types
•Secure FTP support for various file exports
Operating Considerations
The following operating considerations apply to the Cisco Traffic Anomaly Detector.
•Caution when upgrading the software - Do not press Ctrl-C during the upgrade process or the upgrade may fail.
•The copy ftp command only supports active mode.
Software Version 5.0(x) Open Caveats
The following caveats are open in software version 5.0(x):
•CSCsb20206The Web-Based Manager (WBM) remains unresponsive while the pop up window waits for results from the signature generation process. Even if you close the pop up window manually, the WBM remains unresponsive while signature generation is in progress. Workaround: Wait until the pop up window receives a result, or issue the no service wbm command.
•CSCsb05557remote activation and sync processes from the Detector to the Guard do not function when the Detector is located behind a device that is performing Network Address Translation (NAT). Workaround: Reconfigure the network configuration to disable NAT.
•CSCsb29083packet dumps in different zones. Workaround: Assign unique names to manual packet dumps.
•CSCsb29077 IP addresses to the threshold list of a policy results in wrong IP addresses in the list. Workaround: Only use the CLI to add IP addresses to a threshold list.
Software Version 5.0(3) Resolved Caveats
The following caveats were resolved in software version 5.0(3):
•CSCsb46255 - The Detector may erroneously report millions of concurrent connections.
•CSCsb50696 - The Detector uses the root username when importing configurations using SFTP.
•CSCsb52737 - The Detector does not respond after you upgrade it from software version 3.0(x) to 5.0(x).
•CSCsb53813 - Using the clear config command may cause remote activation to become unresponsive.
•CSCsb55055 - The Detector does not properly upgrade zones that contain a hyphen ( - ) or a
period ( . ) in the zone name.
Related Documentation
The following Detector documents are available:
•Cisco Traffic Anomaly Detector Configuration Guide
•Cisco Traffic Anomaly Detector Web-Based Manager Configuration Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
.
