Security Basics mailing list archives
RE: Question about IDS events
From: "Ben Conrad" <bconrad () COSTAR com>
Date: Mon, 6 Feb 2006 09:35:43 -0500
This is probably normal if your firewall rules allow connections to you internal hosts. You will see external addresses on the 10.113.128.50 server when you do a 'netstat'. If that traffic is making it to your internal box the IDS will inspect the packets. Ben -----Original Message----- From: Koolk3 [mailto:koolk3 () gmail com] Sent: Friday, February 03, 2006 2:49 PM To: security-basics () securityfocus com Subject: Question about IDS events I am seeing external IP addresses in few events on my internal IDS. These are mostly port/network scan type events. I am wondering what the reason is. Instead of the firewall address why am I seeing the originating IP? Is this due to the nature of ICMP packets or does this result from scans like Nmap? Thanks for your responses. Sample events: TCP_Port_Scan Medium 80.67.72.208 10.113.128.50 TCP_Port_Scan Medium 80.67.72.208 10.113.128.50 TCP_Port_Scan Medium 80.67.72.208 10.113.128.50 TCP_Port_Scan Medium 80.67.72.208 10.119.0.50 -- KoolK3 ------------------------------------------------------------------------ --- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The Norwich University program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Tailor your education to your own professional goals with degree customizations including Emergency Management, Business Continuity Planning, Computer Emergency Response Teams, and Digital Investigations. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- Question about IDS events Koolk3 (Feb 03)
- Re: Question about IDS events Arturas Zalenekas (Feb 06)
- <Possible follow-ups>
- RE: Question about IDS events Ben Conrad (Feb 06)