07-02-2010 07:13 AM - edited 03-10-2019 05:02 AM
I've limited OS mapping and APR to a specific set of IPs (my inside network), but I still see outside IP addresses showing up in the list of learned OS. is this normal? I tried clearing out the learned OS list, but am still seeing the outside addresses populating.
I've seen this on 7.03(2)E4 and 7.0(3)E4 and on 3 different units (2 AIP-SSM20s and a 4240).
Thanks.
Solved! Go to Solution.
07-02-2010 11:11 AM
This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.
Scott
07-02-2010 11:11 AM
This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.
Scott
07-02-2010 11:14 AM
OK, thanks. The verbage led me to believe it restricted collection of fingerprint data as well.
07-02-2010 11:15 AM
Yes, it is a confusing phrasing within the IDM GUI.
Scott
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: