There seams to be a problem with the signature Net Flood TCP. The Cisco Intrusion Prevention sensor is installed in promiscuous mode and is at version 5.1(2) S247.0. The signature is enabled for rate 0 and to produce at alert.
signatures 6920 0
rate: 0 <defaulted>
event-action: produce-alert <defaulted>
My problem is that we do not receive any alert. Is there a logical reason for this and if so what is it?
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...