I recenlty turned on the email logging feature. And I see a lot of ASA Alerts for Deny UDP reverse path from 169.254.x.x to 169.254.x.x to vlan(inside). Keep in mind, my level of experience is novice/noob.
There are several of these within an hour and day. So far I have been able to list 12 different IP's 169.154.x.x and because we have 12 endpoints on our small network, I figured it was possibly a triggered DHCP request/Self Assigned IP process happening and forgets it has a static IP for a moment.
What is the best action to take from discovering this? Understanding where this is coming from, why it is happening, and if it needs to be allowed nor not, create a rule or disable something on the firewall?
Should I ask the Sys Admin/Endpoint Admin check and validate settings for DHCP is turned off on the endpoints, check logs to verify and match up that 169.154.x.x is coming from the endpoint and should not?
Meet the Authors Event - A Cybersecurity Deep Dive with Omar Santos
(Live event – Thursday, January 23rd, 2020 at 10:00 a.m. Pacific / 1:00 p.m. Eastern / 7:00 p.m. Paris)
This event will have place on Thursday 23rd, January 2020 at 10hrs PDT
Posting this for anyone interested in using a Raspberry PI as a flow collector for Stealthwatch. We created a very lightweight version of our software. It can create flows if the eth port is attached to a SPAN or you can forward NetFlow/IPFIX ...
Dear Team Suppose we have hundreds of rules in access policy on cisco fmc device. Now I want to fetch all access policy rules in which I have mentioned some specific port number X. Can anyone help me with the process to fetch the same?
Greetings everyone, Happy New Year! I would like to thank you all for making our ISE demos in dCloud a great success!
The ISE instant demo has been in the top 5 of Enterprise demos for a long time now and recently just moved into the #1 and 2 slots...