I have a LAN IDSM in promiscuous mode where I'm seeing too many of the below alerts. I've researched it and found out that it should be stopped, since it is a high severity alert! However, I guess summarization is preventing me from knowing the attacker and targets because of the 0.0.0.0 source and destination, right? Is this the case? And how can I solve it?
Should I disable summary for that specific signature? What's the best practice? Should it be stopped?
Can someone please pick up on the last comment made? I am seeing the exact same signature in my IDS output with the attacker having an IPv6 IP. How do I resolve the IPv6 to understand who is attacking me? From the fe80 I can tell it is a link-local IP, so the attacker must be from the inside?