11-13-2016 10:37 PM - edited 03-10-2019 06:43 AM
The IPS report shows the victim IP address on which the attack was launched. How is an external attacker able to attack specific private IP addresses in a huge infrastructure?
11-14-2016 09:48 AM
The connection could be established from the infected client to a C&C server. If the attack is initiated from the WAN to a server on-site, you might see the private IP address because NAT is done before traffic is sent to the sfr module on Cisco ASA (or NAT is done on a router before your IPS sensor).
Let me know if this answers your question.
11-14-2016 08:14 PM
Thank you for your reply, but my query is about an attack from an external IP on an internal IP, where the IPS report publishes the internal IP on which an attack was tried by the external IP...
11-14-2016 11:43 PM
My first sentence should answer your question. A host in your network connects to a malicious server on the Internet... A host that is not directly reachable from the Internet due to firewall rules and/or NAT can still be attacked if it opens up a session to an attacker, who can use this session to attack said client.
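The two cases described in the replies above can be told apart during triage by comparing who opened the connection with who the IPS names as attacker. The script below is an added example, not part of the original thread and not Cisco code; the event field names (`initiator`, `responder`, `attacker`, `victim`) and the sample records are constructed assumptions.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def classify(event):
    """Explain why an internal address shows up as the victim of an event."""
    attacker, victim = event["attacker"], event["victim"]
    if not is_internal(victim):
        return "victim-not-internal"
    if is_internal(attacker):
        return "internal-source"  # both ends inside: not the thread's case
    if event["initiator"] == victim:
        # The internal host opened the session; the alert fired on traffic
        # coming back from the external server inside that session.
        return "client-initiated"
    if event["initiator"] == attacker:
        # The external host opened the connection; the sensor saw the packet
        # after destination NAT, so it logs the server's private address.
        return "inbound-via-nat"
    return "unknown"

# Constructed sample events. Field names are assumptions, not a Cisco export format.
EVENTS = [
    {"id": "evt-1", "initiator": "10.1.20.15", "responder": "203.0.113.50",
     "attacker": "203.0.113.50", "victim": "10.1.20.15"},
    {"id": "evt-2", "initiator": "198.51.100.7", "responder": "10.1.5.10",
     "attacker": "198.51.100.7", "victim": "10.1.5.10"},
    {"id": "evt-3", "initiator": "10.1.20.15", "responder": "10.1.5.10",
     "attacker": "10.1.20.15", "victim": "10.1.5.10"},
]

def triage(events):
    """Map each event id to the verdict from classify()."""
    return {e["id"]: classify(e) for e in events}

if __name__ == "__main__":
    for event_id, verdict in triage(EVENTS).items():
        print(event_id, verdict)
```

A `client-initiated` verdict points the investigation at the internal host and the outbound connection it made, while `inbound-via-nat` points at a published service and its NAT rule.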