Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1004
Views
0
Helpful
2
Replies

"Echo Test " signature is triggering on CISCO IPS

tejeu_tejeu
Level 1
Level 1

‎09-22-2011 09:29 AM - edited ‎03-10-2019 05:29 AM

Hi,

In one of our customer “Echo Test “ signature is triggering on CISCO IPS for private to private IP and some time source and destination IP’s will be 0.0.0.0.

Can any one help me to understand what is this signature and why it’s triggering.

Thanks & Regards,

Tejesh. U

Labels:
0 Helpful
2 Replies 2

marcabal
Cisco Employee
Cisco Employee

‎09-22-2011 11:30 AM

The 0.0.0.0 address appears in Summary Alerts. Multiple signature triggerings have been Summarized into a single Alert.  Instead of listing every address from the individual triggerings the Summary alert will put 0.0.0.0 in for either the source address, destination address, or both addresses depending on the type of Summarization being done.

You can tune the signature itself to disable Summarization if you really need to see the individual addresses.

Keep in mind, however, that Summarization is used to keep the sensor from flooding your monitoring station with alerts for every triggering.

0 Helpful

tejeu_tejeu
Level 1
Level 1
In response to marcabal

‎09-23-2011 01:53 AM

Dear marcabal,

Thanks for your valuable information.

Please let me know what is this "Echo Test" event and in which situation and why this kind of signature will trigger. Can we ignore this kind of events.

Can you please help me to understand.

Thanks & Regards,

Tejesh. U

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card