topic My first sentence should in Network Security

IPS reports

Reshma Raje — Sun, 10 Mar 2019 13:43:00 GMT

IPS report shows victim IP address on which the attack was launched, how is external attacker able to attack specific private IP addresses in a huge infrastructure?

The connection could be

Oliver Kaiser — Mon, 14 Nov 2016 17:48:27 GMT

The connection could be established from the infected client to a C&C server. If the attack is initiated from the WAN to a server on-site you might see the private ip address because NAT is done before traffic is sent to the sfr module on Cisco ASA (or NAT is done on a router before your ips sensor).

Let me know if this answers your question.

Thank you for your reply but

Reshma Raje — Tue, 15 Nov 2016 04:14:25 GMT

Thank you for your reply but my query is, attack from external IP on internal IP where the IPS report publishes internal IP on which there was an attack tried by the external IP...

My first sentence should

Oliver Kaiser — Tue, 15 Nov 2016 07:43:21 GMT

My first sentence should answer your question. A host in your network connects to a malicious Server in the Internet... A host that is not directly reachable from the Internet due to firewall rules and/or NAT can still be attacked if it opens up a session to an attacker, which can use this session to attack said client.