DNS queries from an inside interface (high security level) are not making it out of the outside interface (zero security level). Here's the error: Dec 20 2007 08:17:43: %ASA-2-106007: Deny inbound UDP from 192.168.1.10/1442 to a.b.129.157/53 due to DNS...
I set up a SPAN/monitor source and destination port. I have a server attached to the source port, and a sniffer attached to the destination port. When I run my sniffer, I expect to see traffic to or from the server that is on the source port, in addi...
I installed the S219 updates on one of our client's IDSes. After the install, the eth0 (sniffing) interface started bouncing. I'm getting the following errors constantly (i.e. 2300 in 2 hours): evError: eventId=1084139354956127055 severity=warning o...
Is there any way to resolve the reported IP address in a signature that fired into a hostname? Here's the background as to why: We have a customer with a custom signature. We have a list of authorized devices which basically tells us not to sound th...
Is there a single command to set "CapturePacket True" on ALL sigs? Or do I need to create a script to copy/paste that tells the IDS to capture packets for each signature one by one? Thanks! Jim
Found the problem! We have very infrequent communications going on between several machines. By default, the switch's CAM table removes MAC addresses every 300 seconds (every 5 minutes). The flooding recurred every 10 or so minutes so by that time, t...
I believe they are using 802.1q. Here's the config from the main/near switch:
VTP Version : 2
Configuration Revision : 12
Maximum VLANs supported locally : 1005
Number of existing VLANs : 13
VTP Operating Mode ...
Yeah, was a typo. The link he posted is definitely steering me in the right direction. It is indeed flooding as I am no longer SPANing the port, but instead added the port as a standard port on our VLAN and I see flooded traffic (the original sourc...