Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
2
Replies

Are there something wrong with attackers?

blackswans
Level 1
Level 1

‎07-01-2008 10:48 PM - edited ‎03-10-2019 04:10 AM

When I look at the events I see %95 of the attackers from my inside network. Is it wrong or is it normal? Shouldnt I see the attackers from outside real ips?

thx

Labels:
0 Helpful
2 Replies 2

shridhar76
Level 1
Level 1

‎07-02-2008 03:03 AM

Hi ,

In firewall case you can not check the real ip because the outside ip may be spoofed . Some time it may be real when some hackers wants to touch your network from their public domain.

As per my suggestion just imply the Reject rule in this case user can not touch your interface and you will be safe.

Shridhar

0 Helpful

mhellman
Level 7
Level 7

‎07-02-2008 04:48 AM

You don't provide enough details (what sig is firing), but it is perfectly normal for an untuned IDS/IPS to have thousands of false positives, many of which will be sourced from your own network.

You should create an event action filter that has your network space as a source and add any signatures that are false positives.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card