Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
876
Views
0
Helpful
1
Replies

Attackers showing inside subnets

Matt Roberts
Level 2
Level 2

‎04-08-2013 02:20 PM - edited ‎03-10-2019 05:56 AM

All my attackers IP addresses are from my inside network. I never have an external IP show up as an attacker, its all internal. Then the victims are showing external IP addresses. Shouldn't it be the other way around, most of the time.

Labels:
0 Helpful
1 Reply 1

Sonugnair_2
Level 3
Level 3

‎04-30-2013 11:14 AM

Hi Matt,

I will just explain by an example.

Lets say that you have "ICMP network scan" signature. A person in the internal vlan just launches an ICMP scan for some public IP addresses. Now since the ICMP scan was originated by the internal host and directed againt the external public IP, inside users will be termed as attackers and the targetted system as the victim.

Just another question, what signatures are causing your internal users as the attackers?

Regards

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card