cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4551
Views
0
Helpful
1
Replies

NTP Packets triggering "unknown device event type"

HEATH FREEL
Level 1
Level 1

Lately I have begun to recieve a number of "Unknow Device Event Type" alerts from our MARS Server accross a number of different IPS all located in different networks. Not sure why these appear to be triggered with a Risk Rating between or 77 or why MARS can't figure out what they are!!!

Both Source and Destination Ports are UDP 123 and the actuall event in the IPS is "NTP MODE_PRIVATE Denial of Service". id1090

Any ideas.

1 Reply 1

mark.barrett
Level 1
Level 1

It appears to be a new signature from S639 released a few days ago. Although, the vulnerability itself is not new.

http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=1090&signatureSubId=0&softwareVersion=6.0&releaseVersion=S639

http://www.kb.cert.org/vuls/id/568372

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: