S625 got applied to one of our IDS sensors this morning and 41846/1 is firing like crazy. The Attacker IPs are all internal IPs and all over the board, not just one or two different IPs. Some of the targets are internal and some are external. Just wondering if anyone else has noticed this in their environment.
I am seeing it too. Just started yesterday right after a signature update. I had to disable the sig because it was firing so much. Freaked me out at first. I checked the IPs it was reporting on and none of them were of bad reputation. In my case, we would have internal IPs attempting contact to an external address which varied quite a bit. Wish Cisco would vet these better.