07-02-2010 07:13 AM - edited 03-10-2019 05:02 AM
I've limited OS mapping and APR to a specific set of IPs (my inside network), but I still see outside IP addresses showing up in the list of learned OS. is this normal? I tried clearing out the learned OS list, but am still seeing the outside addresses populating.
I've seen this on 7.03(2)E4 and 7.0(3)E4 and on 3 different units (2 AIP-SSM20s and a 4240).
Thanks.
Solved! Go to Solution.
07-02-2010 11:11 AM
This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.
Scott
07-02-2010 11:11 AM
This is expected behavior - the setting restircts the calculation of the Attack Relevenacy Rating to the configured range, not the actual OS identification process.
Scott
07-02-2010 11:14 AM
OK, thanks. The verbage led me to believe it restricted collection of fingerprint data as well.
07-02-2010 11:15 AM
Yes, it is a confusing phrasing within the IDM GUI.
Scott
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide