About jchrisos

jchrisos · 12-20-2007

DNS queries from an inside interface (high security level) are not making it out of the outside interface (zero security level).Here's the error:Dec 20 2007 08:17:43: %ASA-2-106007: Deny inbound UDP from 192.168.1.10/1442 to a.b.129.157/53 due to DNS...

jchrisos · 11-27-2006

I set up a SPAN/monitor source and destination port. I have a server attached to the source port, and a sniffer attached to the destination port.When I run my sniffer, I expect to see traffic to or from the server that is on the source port, in addi...

jchrisos · 03-08-2006

I installed the S219 updates on one of our client's IDSes. After the install, the eth0 (sniffing) interface started bouncing. I'm getting the following errors constantly (i.e. 2300 in 2 hours)evError: eventId=1084139354956127055 severity=warning o...

jchrisos · 02-10-2006

Is there any way to resolve the reported IP address in a signature that fired into a hostname? Here's the background as to why:We have a customer with a custom signature. We have a list of authorized devices which basically tells us not to sound th...

jchrisos · 09-21-2005

Is there a single command to set "CapturePacket True" on ALL sigs? Or do I need to create a script to copy/paste that tells the IDS to capture packets for each signature one by one?Thanks!Jim

jchrisos · 12-20-2007

Oh man. My bad.route inside 0.0.0.0 0.0.0.0 x.x.x.x 1 needed to be route outside...

jchrisos · 11-30-2006

Found the problem!We have very infrequest commincations going on between several machines. By default, the switch's CAM table removes MAC addresses every 300 seconds (every 5 minutes). The flooding recurred every 10 or so minutes so by that time, t...

jchrisos · 11-28-2006

I believe they are using 802.1q. Here's the config from the main/near switch:VTP Version : 2Configuration Revision : 12Maximum VLANs supported locally : 1005Number of existing VLANs : 13VTP Operating Mode ...

jchrisos · 11-27-2006

Yeah, was a typo. The link he posted is definitely steering me in the right direction. It is indeed flodding as I am no longer SPANing the port, but instead added the port as a standard port on our VLAN and I see flodded traffic (the original sourc...

jchrisos · 11-27-2006

Ohh, that seems to make sense. Looking into it now. In the meantime, thanks!

Member Since	‎01-24-2005 01:05 PM
Date Last Visited	‎08-18-2017 03:53 AM
Posts	29
Total Helpful Votes Received	3

User Statistics

User Activity

DNS queries on ASA are being blocked/intercepted!?!?!

Unintended traffic seen on SPANed port

interface bouncing after S219 install on 4250 IDS/4.1

resolving IPs to hostnames in IDS events

Single command to set "CapturePacket True" on ALL sigs?

Re: DNS queries on ASA are being blocked/intercepted!?!?!

Re: Unintended traffic seen on SPANed port

Re: Unintended traffic seen on SPANed port

Re: Unintended traffic seen on SPANed port

Re: Unintended traffic seen on SPANed port