Network in IPS alerts

Unanswered Question
Feb 20th, 2009

Good afternoon:

I have a Cisco IPS 4240 sensor. This appliance is generating alerts with the network as attacker and victim.


Severity: informational
Application Name: sensorApp
Event Time: 02/20/2009 12:26:19
Sensor Local Time: 01/20/2009 12:26:19
Signature ID: 1330
Signature Sub-ID: 16
Signature Name: TCP Drop - PAWS check failed
Signature Version: S248
Signature Details: TCP Packet segment failed PAWS check
Attacker IP:
Target IP:
Target Port: 0
Target Locality: OUT

Can someone tell me what this could mean?

Thanks in advance.

Syed Iftekhar Ahmed Fri, 02/20/2009 - 13:07

This generally happens when, in Summary Mode, the alerts are coming from a large number of attackers or are directed to a large number of victim IPs.

So instead of trying to show perhaps thousands of IPs in the attacker and/or victim address fields, the field will be populated with only

If you want to see an alert for each time it is triggered, you can reconfigure the signature and set it to FireAll mode with no Summary



