https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980135#M79595 <HTML><HEAD></HEAD><BODY><P>You don't provide enough details (what sig is firing), but it is perfectly normal for an untuned IDS/IPS to have thousands of false positives, many of which will be sourced from your own network.</P><P></P><P>You should create an event action filter that has your network space as a source and add any signatures that are false positives.</P></BODY></HTML> Wed, 02 Jul 2008 11:48:53 GMT mhellman 2008-07-02T11:48:53Z https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980133#M79593 <P>When I look at the events I see %95 of the attackers from my inside network. Is it wrong or is it normal? Shouldnt I see the attackers from outside real ips?</P><P>thx</P> Sun, 10 Mar 2019 11:10:33 GMT https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980133#M79593 blackswans 2019-03-10T11:10:33Z https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980134#M79594 <HTML><HEAD></HEAD><BODY><P>Hi ,</P><P></P><P>In firewall case you can not check the real ip because the outside ip may be spoofed . Some time it may be real when some hackers wants to touch your network from their public domain.</P><P></P><P>As per my suggestion just imply the Reject rule in this case user can not touch your interface and you will be safe.</P><P></P><P>Shridhar</P></BODY></HTML> Wed, 02 Jul 2008 10:03:14 GMT https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980134#M79594 shridhar76 2008-07-02T10:03:14Z https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980135#M79595 <HTML><HEAD></HEAD><BODY><P>You don't provide enough details (what sig is firing), but it is perfectly normal for an untuned IDS/IPS to have thousands of false positives, many of which will be sourced from your own network.</P><P></P><P>You should create an event action filter that has your network space as a source and add any signatures that are false positives.</P></BODY></HTML> Wed, 02 Jul 2008 11:48:53 GMT https://community.cisco.com/t5/network-security/are-there-something-wrong-with-attackers/m-p/980135#M79595 mhellman 2008-07-02T11:48:53Z