08-17-2011 12:28 AM - edited 03-10-2019 05:27 AM
Hi,
We have an IPS 4270 which reports a lot of threats with source and dest 0.0.0.0. Why is that, can't it solve these addresses?
Example:
| Receive Time | Severity | Event Type | ID | Event Name | Device | Source | Source Service | Destination | Destination Service | Action | Risk Rating | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 8/17/11 9:18:45 AM | High | (IPS) | 4703/0 | MSSQL Resolution Service Stack Overflow | IPS-DEB1-1 vs1 | 0.0.0.0 | udp/0 | 0.0.0.0 | udp/0 | | 100 | MSSQL Resolution Service Stack Overflow |
| 8/17/11 8:30:09 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 7:30:09 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 6:30:04 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 5:30:04 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 4:29:56 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 3:29:56 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 2:29:55 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 1:29:55 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 12:29:55 AM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/16/11 11:29:54 PM | Low | (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
Thanx,
Marc
08-17-2011 07:57 AM
Marc,
It looks like those are summarized alerts. Have you had a chance to look at the raw alerts? I suspect the actual alerts will give you the applicable IP addresses.
If they are indeed being summarized and you want to see each alert individually, you can disable summarization in the signature. Hope this helps.
Jonathan
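A small triage script that applies the reasoning in the reply above to an exported event list, as an added example that is not part of the thread or of any Cisco tool: it parses rows in the same space-delimited layout as Marc's export, flags rows whose endpoints are 0.0.0.0 with port 0 on both sides as summarized (aggregated) alerts, and lists the signature IDs for which the raw alerts should be pulled or summarization reviewed. The 0.0.0.0/port-0 test is the heuristic from the thread, not a documented product rule; the sample rows are constructed, and the third row (RFC 5737 documentation addresses) is invented to show a non-summarized alert for contrast.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample export modelled on the rows in the question. The first two
# rows copy the shape of Marc's export; the third is an invented, non-summarized
# alert using RFC 5737 documentation addresses so the two cases can be compared.
SAMPLE_EXPORT = """\
8/17/11 9:18:45 AM High (IPS) 4703/0 MSSQL Resolution Service Stack Overflow IPS-DEB1-1 vs1 0.0.0.0 udp/0 0.0.0.0 udp/0 100 MSSQL Resolution Service Stack Overflow
8/17/11 8:30:09 AM Low (IPS) 11020/1 BitTorrent Client Activity IPS-DEB1-1 vs1 0.0.0.0 tcp/0 0.0.0.0 tcp/0 50 BitTorrent Protocol
8/17/11 8:31:10 AM Low (IPS) 11020/1 BitTorrent Client Activity IPS-DEB1-1 vs1 192.0.2.10 tcp/51413 198.51.100.7 tcp/6881 50 BitTorrent Protocol
"""

# One exported row; group names follow the export's column headers. The event
# name is matched non-greedily so multi-word names stop at the device field.
ROW_RE = re.compile(
    r"^(?P<time>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) "
    r"(?P<severity>\w+) \(IPS\) (?P<sig_id>\d+/\d+) (?P<name>.+?) "
    r"(?P<device>\S+) (?P<vs>\S+) "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) (?P<src_svc>[a-z]+/\d+) "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}) (?P<dst_svc>[a-z]+/\d+) "
    r"(?P<risk>\d+) (?P<description>.+)$"
)


@dataclass
class IpsEvent:
    time: str
    severity: str
    sig_id: str
    name: str
    device: str
    src: str
    src_svc: str
    dst: str
    dst_svc: str
    risk: int
    description: str

    def is_summary(self) -> bool:
        """Heuristic from the thread (an assumption, not a product rule): a row
        whose endpoints are 0.0.0.0 with port 0 on both sides carries no flow
        information and is treated as a summarized alert, not a single packet."""
        return (
            self.src == "0.0.0.0"
            and self.dst == "0.0.0.0"
            and self.src_svc.endswith("/0")
            and self.dst_svc.endswith("/0")
        )


def parse_export(text: str) -> List[IpsEvent]:
    """Parse the space-delimited export, skipping header and unparseable lines."""
    events: List[IpsEvent] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue  # header row or a line in a layout we do not understand
        f = m.groupdict()
        events.append(IpsEvent(
            f["time"], f["severity"], f["sig_id"], f["name"], f["device"],
            f["src"], f["src_svc"], f["dst"], f["dst_svc"],
            int(f["risk"]), f["description"],
        ))
    return events


def summarized_signatures(events: List[IpsEvent]) -> Dict[str, int]:
    """Signature IDs whose rows are summaries, with a row count per signature.
    These are the signatures whose raw alerts hold the real IP addresses."""
    counts: Dict[str, int] = {}
    for e in events:
        if e.is_summary():
            counts[e.sig_id] = counts.get(e.sig_id, 0) + 1
    return counts


if __name__ == "__main__":
    evs = parse_export(SAMPLE_EXPORT)
    for e in evs:
        tag = "SUMMARY" if e.is_summary() else "raw    "
        print(f"{tag} {e.time:<19} {e.sig_id:<8} "
              f"{e.src}:{e.src_svc} -> {e.dst}:{e.dst_svc}  {e.name}")
    print("signatures to pull raw alerts for:", summarized_signatures(evs))
```

Run it against a real export by replacing `SAMPLE_EXPORT` with the file contents; rows that come out tagged `raw` already carry usable addresses, while the `SUMMARY` rows point you at the signatures whose raw alerts (or summarization settings) to look at, as the reply suggests.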