cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
470
Views
0
Helpful
5
Replies

CSA: Event whose source address is 0.0.0.0

lcuchisanmillan
Level 1
Level 1

Has anyone an event whose source is 0.0.0.0 generated by an CSA 5.1?

Thank in advance and Merry Christmas,

Cristina

5 Replies 5

attmidsteam
Level 1
Level 1

This is a repeated event that has the summary key set. You can modify this by altering how that signature summarizes (i.e. source and destination and source port and destination port)

Hope this helps and Happy New Year :-)

Could you be more precise? Could you explain me how to do this?

Thank you,

Cristina

In the Ciscoworks VMS IDS MC, click configuration->settings->sensor or group->5.x

Find your signature by id, select it, click tune, check override, scroll down to alert frequency->summary mode. If it is already set to summarize, change the summary key to 'attacker & victim addresses' for AxBx. This will avoid getting a 0.0.0.0 address for source or destination.

I am working with CSA 5.1 no IDS 5.1(4)

What is the event and port?

The machine may be trying to connect to itself.

I would look at other alerts on the machine(s) getting this message and see what else might be happening.

Tom

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: