Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
The IPS-4240-K9 [IPS Version 7.0(4) E4] is deployed in inline mode before the ASA and perimeter router .The design is LAN->IPS->ASA->Internet Router.The problem is that when i am uploading on the internet the IPS inspection load increased to 100%...
I have noticed that on IPS 4240 in our environment signature like AD-External TCP scanner,IIegal UDP scanner are firing from internal hosts which are not any known scanner machine ,just simple clients .At times the victim address is 0.0.0.0 and the p...
Hi Sawan,No there is no particular signature firing a lot..normal signatures which do fire in normal operation..By traffic load u mean the size of file being uploaded ,even if we upload a file between 20-40 MB the ping drops on the devices beyond IP...
Hi Bob,I am also getting the two signatures (OpenSSL TLS Malformed Handshak DoS 5403/0 andUnecrypted SSL 6005/0 ) firing quite frequently on IPS ,the attacker address is local proxy and the victim are internet addresses moslty from Skype Technolog...
Bob,I configure Action "Produce verbose Alert" .it did showed detailed packet capture on the event in which both attacker and victim IP was specified,but for the alert with 0.0.0.0 address it did not give any details or list of IPs. Moreover I confi...
