I am working at a client site today that has a Cisco IPS 4240 employed near the edge of their network.
Using IME, I have taken a look at some of the recurring events that the device is reporting. Over and over again, there is a 3030 signature match occurring from various hosts on the Inside networks that are allegedly targeting outside public addresses.
The signature name of 3030 is TCP SYN Host Sweep. When I drill down into the event, it lists its Severity level as "Informational".
What can I do to determine if this activity is problematic and potentially eliminate it? The IPS does not report that it is taking any "Action" against these packets.