IPS log displays threats with source and dest 0.0.0.0

MJonkers
Level 1

Hi,

We have an IPS 4270 which reports a lot of threats with source and dest 0.0.0.0. Why is that, can't it solve these addresses?

Example:

| Receive Time | Severity | Event Type ID | Event Name | Device | Source | Source Service | Destination | Destination Service | Action | Risk Rating | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 8/17/11 9:18:45 AM | High (IPS) | 4703/0 | MSSQL Resolution Service Stack Overflow | IPS-DEB1-1 vs1 | 0.0.0.0 | udp/0 | 0.0.0.0 | udp/0 | | 100 | MSSQL Resolution Service Stack Overflow |
| 8/17/11 8:30:09 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 7:30:09 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 6:30:04 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 5:30:04 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 4:29:56 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 3:29:56 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 2:29:55 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 1:29:55 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/17/11 12:29:55 AM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |
| 8/16/11 11:29:54 PM | Low (IPS) | 11020/1 | BitTorrent Client Activity | IPS-DEB1-1 vs1 | 0.0.0.0 | tcp/0 | 0.0.0.0 | tcp/0 | | 50 | BitTorrent Protocol |

Thanx,

Marc

1 Reply

Jonathan Grant
Level 1

Marc,

It looks like those are summarized alerts.  Have you had a chance to look at the raw alerts?  I suspect the actual alerts will give you the applicable IP addresses.

If they are indeed being summarized and you want to see each alert individually, you can disable summarization in the signature.  Hope this helps.

Jonathan
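To make the distinction in the reply mechanical, the following added example (not from the thread or from Cisco) parses rows in the whitespace-separated export layout quoted in the question and flags the summary records, which carry the placeholder endpoints 0.0.0.0 and port 0 on both sides, so an analyst knows which signature IDs need their raw alerts pulled. The sample rows, including the one with real addresses, are constructed; the field names are assumptions taken from the export's column headers.

```python
import re
from collections import Counter

# Constructed sample rows in the same whitespace-separated layout as the
# Cisco IPS event export quoted in the question (not real device output).
SAMPLE_LOG = """\
8/17/11 9:18:45 AM          High (IPS)          4703/0          MSSQL Resolution Service Stack Overflow          IPS-DEB1-1 vs1          0.0.0.0          udp/0          0.0.0.0          udp/0                    100          MSSQL Resolution Service Stack Overflow
8/17/11 8:30:09 AM          Low (IPS)          11020/1          BitTorrent Client Activity          IPS-DEB1-1 vs1          0.0.0.0          tcp/0          0.0.0.0          tcp/0                    50          BitTorrent Protocol
8/17/11 8:31:12 AM          Low (IPS)          11020/1          BitTorrent Client Activity          IPS-DEB1-1 vs1          10.1.2.3          tcp/51413          198.51.100.7          tcp/6881                    50          BitTorrent Protocol
"""

FIELD_SEP = re.compile(r"\s{2,}")   # columns are separated by runs of spaces
UNRESOLVED = "0.0.0.0"              # placeholder endpoint in summary records

# Column names, assumed from the export's header row in the question.
FIELDS = ["time", "severity", "sig_id", "name", "device", "src", "src_svc",
          "dst", "dst_svc", "action", "risk", "description"]


def parse_event(line):
    """Split one export row into a dict keyed by FIELDS.

    The quoted rows have an empty Action column, so a row splits into
    11 fields (Action absent) or 12 fields (Action present)."""
    parts = FIELD_SEP.split(line.strip())
    if len(parts) == 11:
        parts.insert(9, "")  # restore the empty Action column
    if len(parts) != 12:
        raise ValueError(f"unexpected field count {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))


def is_summarized(ev):
    """True when both endpoints are the 0.0.0.0 / port 0 placeholders."""
    return (ev["src"] == UNRESOLVED and ev["dst"] == UNRESOLVED
            and ev["src_svc"].endswith("/0") and ev["dst_svc"].endswith("/0"))


def summarized_signatures(log_text):
    """Count summary rows per signature id (Event Type ID column), so the
    analyst knows which signatures need raw alerts or summarization disabled."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if is_summarized(ev):
            counts[ev["sig_id"]] += 1
    return dict(counts)
```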
