12-28-2006 07:08 AM - edited 03-10-2019 03:24 AM
Has anyone an event whose source is 0.0.0.0 generated by an CSA 5.1?
Thank in advance and Merry Christmas,
Cristina
12-30-2006 10:29 AM
This is a repeated event that has the summary key set. You can modify this by altering how that signature summarizes (i.e. source and destination and source port and destination port)
Hope this helps and Happy New Year :-)
01-08-2007 01:33 AM
Could you be more precise? Could you explain me how to do this?
Thank you,
Cristina
01-10-2007 07:07 AM
In the Ciscoworks VMS IDS MC, click configuration->settings->sensor or group->5.x
Find your signature by id, select it, click tune, check override, scroll down to alert frequency->summary mode. If it is already set to summarize, change the summary key to 'attacker & victim addresses' for AxBx. This will avoid getting a 0.0.0.0 address for source or destination.
01-23-2007 01:26 AM
I am working with CSA 5.1 no IDS 5.1(4)
01-23-2007 10:44 AM
What is the event and port?
The machine may be trying to connect to itself.
I would look at other alerts on the machine(s) getting this message and see what else might be happening.
Tom
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: