Our security group is reporting Ping_sweep events from our LMS 3.0, Unix - Solaris 10, system to the DOD = 30.1.*.*
I am unable to locate this IP address range within the LMS application. Is there a way to figure out if LMS is actuallying pinging this IP address range? If so, and I do find it, how can I stop it?
I did just add this range to the Excluded devices file, but I didn't think it would help much...
First, make sure UTMajorAcquisition is not running. Then, edit NMSROOT/campus/etc/cwsi/ut.properties, and check for a property:
If it's not there, add it to the end of the file with the value:
If such a property already exists, then append the value above to the end of the existing value after first appending a colon (':').
Once that property is in place, start a new UT acquisition, and see if the firewall records a sweep. If not, let LMS run for a while, and see if the sweep shows up again.