Dear Support, We are seeing "IP Fragment Incomplete Datagram" attack from 10.132.1.17 to 10.132.1.18 and vice versa. These servers are running in Windows 2003 OS but IPS shows IP fragment Incomplete datagram attack from above source to destination on ...
Dear Support, We have deployed a Cisco IPS 4240 device which monitors only our company LAN traffic. Monitoring console shows that many internal IPs are contacting DNS servers wherein it shows "large ICMP traffic" as below. Let us know whether a...
Hi, We are seeing continuous deny hits from one source to one destination on port 514 even though access is allowed in FWSM. Below are the logs: Apr 10 04:51:57 10.132.48.1 Apr 10 2011 04:51:57 JEDDCSFFWSM01 : %FWSM-4-106023: Deny udp src DMZ50:source IP...
Hi, Does anyone have any idea why we are seeing a huge number of "Windows Account Locked" alerts in Cisco IPS device towards only one Windows server? We checked whether Windows server is generating any malicious traffic by scanning the server but nothi...
Hi, I need your valuable advice to resolve an authentication issue. My requirement is: Bluecoat proxy SG should authenticate with Cisco Model 1113 (4.2 software); once authenticated, user account created in Cisco ACS should be allowed to browse internet. W...
Dear Bob, Thanks for your response. Could you please let me know more details about MTU? As you said, all destination IPs are my company DNS server and not sure why clients are sending ICMP packet to DNS server instead of sending DNS query? Your det...
Hi Srikanth, Security level for DMZ40 is 45 and DMZ50 is 50 and we are not using any NATing on this device (FWSM). Access list is there from this source to destination for UDP 514 port. Regards, Papdheen M
Dear Sid, Thanks for your response. Actually attacker IP is a database server joined in domain and attacker username is showing as empty" Server is running with latest AV signature. Attacker IP - Database server (server itself) Destination- Active Direcot...