Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
2
Helpful
1
Replies

IPS reports

Reshma Raje
Level 1
Level 1

‎11-13-2016 04:38 AM - edited ‎03-10-2019 06:42 AM

The attacks blocked by IPS even shows internal IP addresses... Why is that so? Can some help me understand this?

Labels:
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎11-21-2016 12:19 PM

There are several possibilities here but the top two things that come to mind are:

1. The actual host on the inside of your network is doing the attack

2. The attacker is using a spoofed IP

Are you able to drill more into the event and investigate and correlate the events?

Thank you for rating helpful posts!

Thank you for rating helpful posts!
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card