Security Basics mailing list archives
Re: Question about IDS events
From: "Arturas Zalenekas" <security () zalenekas net>
Date: Mon, 6 Feb 2006 00:54:21 +0100 (CET)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi KoolK3,

there could be a lot of reasons. But it is most possible that your IDS is behind your firewall. If you'd like to know more, please tell us more about your topology. Where is your FW, IDS? Is your IDS working in bridged mode? Have you a hub or switch? Etc.

Kind regards,
Arturas Zalenekas
Network Security Engineer and Analyst

On Fri, February 3, 2006 20:49, Koolk3 wrote:
I am seeing external IP addresses in a few events on my internal IDS. These are mostly port/network scan type events. I am wondering what the reason is. Instead of the firewall address why am I seeing the originating IP? Is this due to the nature of ICMP packets or does this result from scans like Nmap?

Thanks for your responses.

Sample events:

TCP_Port_Scan Medium 80.67.72.208 10.113.128.50
TCP_Port_Scan Medium 80.67.72.208 10.113.128.50
TCP_Port_Scan Medium 80.67.72.208 10.113.128.50
TCP_Port_Scan Medium 80.67.72.208 10.119.0.50

--
KoolK3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFD5pAsRNnenGjQKnsRApnnAJ4nfkjr6DCcMa3fRpFl5DT99zwj5ACeN1EI
R7WSsTZTT0juoWbOjxWntQw=
=AdpQ
-----END PGP SIGNATURE-----