About mustafa.papdheen

mustafa.papdheen · 07-09-2011

Dear Support,We are seeing "IP Fragment Incomplete Datagram" attack from 10.132.1.17 to 10.132.1.18 and vice versa. These servers are running in Windows 2003 OS but IPS shows IP fragment Incomplete datagram attack from above source to destination on ...

mustafa.papdheen · 07-09-2011

Dear Support,We have deployed Cisco IPS 4240 device which monitor only our company LAN traffic. Monitoring console shows that there are many internal IPs are contacting DNS servers wherein it shows "large ICMP traffic" as below. Let us know whether a...

mustafa.papdheen · 04-16-2011

Hi, We are seeing continous deny hits from one source to one destination on port 514 even though access is allowed in FWSM. Below is the logsApr 10 04:51:57 10.132.48.1 Apr 10 2011 04:51:57 JEDDCSFFWSM01 : %FWSM-4-106023: Deny udp src DMZ50:source IP...

mustafa.papdheen · 03-03-2011

Hi,Can any one have any idea on why we are seeing huge number of "Windows Account Locked" alert in Cisco IPS device towards only one Windows server.We checked whether Windows server is generating any malicious traffic by scanning the server but nothi...

mustafa.papdheen · 10-12-2011

Hi,I am getting below error.ACS Logs:"Oct 12 10:31:10 CisACS_02_FailedAuth h9wcpa1g 1 0 Message-Type=Authen failed,User-Name=masir,NAS-IP-Address=10.10.10.10 ,Authen-Failure-Code=ACS password invalid,NAS-Port=masir,Group-Name=WLAN_GUEST_DB,"Packet...

mustafa.papdheen · 10-10-2011

Hi,I need your valuable advise to resolve authentication issue. My requirement is; bluecoat proxy SG should authenticate with Cisco Model 1113(4.2 software) once authenticated, user account created in Cisco ACS should be allowed to browse internet. W...

mustafa.papdheen · 07-15-2011

Dear Bob,Thanks for your response. Could you please let me know more details about MTU?.. As you said, all destination IPs are my company DNS server and not sure why clients are sending ICMP packet to DNS server instead of sending DNS query?Your det...

mustafa.papdheen · 04-17-2011

Hi Srikanth,Security level for DMZ40 is 45 and DMZ50 is 50 and we are not using any NATing on this device(FWSM). Access list is there from this source to destination for UDP 514 port.RegardsPapdheen M

mustafa.papdheen · 03-13-2011

Dear Sid,Thanks for your response. Actually attacker IP is a database server joined in domain and attacker username is showing as empty"Server is running with latest AV signature.Attacker IP - Database server(server itsefl)Destination- Active Direcot...

Member Since	‎02-01-2010 11:31 PM
Date Last Visited	‎08-18-2017 03:55 AM
Posts	13

User Statistics

User Activity

IP Fragment Incomplete Datagram attack in IPS

Large ICMP Traffic from multiple sources

Continous deny hits in FWSM even though access is allowed

Seeing continous "Windows Account Locked" alert in Cisco IPS

Re: ACS v4.1 and Blue Coat ProxySG Radius Authentication not wor

Re: ACS v4.1 and Blue Coat ProxySG Radius Authentication not wor

Large ICMP Traffic from multiple sources

Re: Continous deny hits in FWSM even though access A

Re: Seeing continous "Windows Account Locked" alert in