Cisco Support Community
Community Member

Is there something wrong with attackers?

When I look at the events I see 95% of the attackers from my inside network. Is it wrong or is it normal? Shouldn't I see the attackers from outside real IPs?

thx

2 REPLIES
Community Member

Re: Is there something wrong with attackers?

Hi,

In the firewall case you cannot check the real IP because the outside IP may be spoofed. Sometimes it may be real when some hackers want to touch your network from their public domain.

As per my suggestion, just apply the Reject rule; in this case the user cannot touch your interface and you will be safe.

Shridhar

Gold

Re: Is there something wrong with attackers?

You don't provide enough details (what sig is firing), but it is perfectly normal for an untuned IDS/IPS to have thousands of false positives, many of which will be sourced from your own network.

You should create an event action filter that has your network space as a source and add any signatures that are false positives.
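
Added example (not part of the reply above, and not Cisco code): a small triage script that finds which signatures fire almost entirely from inside sources, as a shortlist to review before writing an event action filter. The inside ranges, signature labels, thresholds and event tuples are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumption: the protected "inside" address space; replace with your own ranges.
INSIDE_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample events: (signature label, attacker address, target address).
SAMPLE_EVENTS = [
    ("SIG-A", "10.1.1.20", "10.1.2.5"),
    ("SIG-A", "10.1.1.21", "10.1.2.5"),
    ("SIG-A", "10.1.1.20", "192.168.5.9"),
    ("SIG-A", "10.1.1.22", "10.1.2.5"),
    ("SIG-B", "203.0.113.7", "10.1.2.5"),
    ("SIG-B", "10.1.1.20", "198.51.100.4"),
    ("SIG-C", "198.51.100.9", "10.1.2.5"),
]

def is_inside(addr):
    """True when the address falls in one of the inside networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INSIDE_NETS)

def inside_share(events):
    """Fraction of all events whose attacker address is inside."""
    hits = sum(1 for _sig, attacker, _target in events if is_inside(attacker))
    return hits / len(events) if events else 0.0

def filter_candidates(events, min_events=3, min_inside_ratio=0.9):
    """Map signature -> (inside_count, total) for signatures that fire often
    and almost only from inside sources. These are candidates to review,
    not confirmed false positives."""
    total, inside = Counter(), Counter()
    for sig, attacker, _target in events:
        total[sig] += 1
        if is_inside(attacker):
            inside[sig] += 1
    return {
        sig: (inside[sig], n)
        for sig, n in total.items()
        if n >= min_events and inside[sig] / n >= min_inside_ratio
    }

if __name__ == "__main__":
    print(f"inside-sourced share: {inside_share(SAMPLE_EVENTS):.0%}")
    for sig, (n_in, n) in filter_candidates(SAMPLE_EVENTS).items():
        print(f"{sig}: {n_in}/{n} events from inside sources")
```

Each shortlisted signature still needs a look at the triggering traffic before it goes into a filter, since an inside host can be a real source of attacks.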
