05-31-2007 08:23 AM - edited 03-10-2019 03:38 AM
Hello guys,
i'm system administrator for a small company and i'm experiencing a strange behaviour on 1 of my 4 IDS 4235 sensor running 4.1.(5)S252 .Two of them are on the external (toward internet) and 2 of them are on the internal network. They are all managed by IDSMC 2.1 and CiscoWorks 2.1. At the moment the one on the inside cannot be reached with IEV with the following errors:
evError: eventId=1089392073211120283 severity=error
originator:
hostId: sensor-1-int
appName: cidwebserver
appInstanceId: 1634
time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet
errorMessage: name=errUnclassified srvcReq protoErr: unexpected_message [10,0]
evError: eventId=1089392073211120284 severity=error
originator:
hostId: sensor-1-int
appName: cidwebserver
appInstanceId: 1331
time: 2007/05/31 15:27:23 2007/05/31 17:27:23 cet
errorMessage: name=errTransport WebSession::sessionTask(3) TLS connection exception: handshake incomplete.
Googling around i noticed similar behaviour under SSL DOS attack but my logs are a little bit different, so i think and HOPE that is not a dos.
In the mean time i thank you and give my best regards waiting for some feedback
simone
05-31-2007 11:06 AM
Assuming you have connectivity between your VMS and sensor, try deleteing and re-adding the sensor in VMS. This has fixed this problem for me.
06-01-2007 01:12 PM
You may want to upgrade to at least 5.1(x) as there is no longer signature support for 4.x sensors.
That aside, a cert expiration on the sensor can result in a failed TLS handshake. Re-importing as the previous poster noted will give you a much better perspective of what the problem may be
Hope this helps
06-06-2007 01:22 AM
Yeah,
and in fact i did this opearation and it brings to the same behaviour. Thank you all guys for the support.
I'll probably need to upgrade my sensor to the new IPS version, but this is dependant to my old VMS version 2.2 and OS machine with windows 2000. So as far as i know i should upgrade windows 2000 to 2003 and then update VMS to the lastest version and then upgrade sensors to be imported with 5.x version to the new VMS version(2.3?)Is that correct?
thank you all
simone
06-06-2007 11:50 AM
I'm running VMS 2.3 with the latest patches on several Windows 2000 server boxes with 5.x sensors.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide