Network 0.0.0.0 in IPS alerts

colonha27
Level 1

Good afternoon:

I have a Cisco IPS 4240 sensor. This appliance is generating alerts with the network 0.0.0.0 as attacker and victim.

Example:

Severity: informational
Application Name: sensorApp
Event Time: 02/20/2009 12:26:19
Sensor Local Time: 01/20/2009 12:26:19
Signature ID: 1330
Signature Sub-ID: 16
Signature Name: TCP Drop - PAWS check failed
Signature Version: S248
Signature Details: TCP Packet segment failed PAWS check
Attacker IP: 0.0.0.0
Target IP: 0.0.0.0
Target Port: 0
Target Locality: OUT

Can someone tell me what this means?

Thanks in advance.

1 Reply

This generally happens when, in Summary Mode, the alerts are coming from a large number of attackers or are directed to a large number of victim IPs.

So instead of trying to show perhaps thousands of IPs in the attacker and/or victim address fields, the field will be populated with only 0.0.0.0.

If you want to see an alert for each time it is triggered, you can reconfigure the signature and set it to FireAll mode with no Summary Threshold.

Syed
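
A triage helper for the situation described in the reply, as an added example that is not part of the original thread and not Cisco code: it parses the alert fields shown in the question and treats 0.0.0.0 as a summary placeholder instead of a real host. The function names and the second sample alert (documentation addresses) are constructed for illustration.

```python
import ipaddress

# Field labels as they appear in the alert quoted in the question.
FIELDS = ["Severity", "Application Name", "Event Time", "Sensor Local Time",
          "Signature ID", "Signature Sub-ID", "Signature Name",
          "Signature Version", "Signature Details", "Attacker IP",
          "Target IP", "Target Port", "Target Locality"]

def parse_alert(text):
    """Turn 'Label value' lines into a dict keyed by field label."""
    alert = {}
    for line in text.splitlines():
        line = line.strip()
        for label in FIELDS:
            if line.startswith(label + " ") or line.startswith(label + ":"):
                alert[label] = line[len(label):].lstrip(": ").strip()
                break
    return alert

def is_unspecified(addr):
    """True for 0.0.0.0 (or ::), False for real or unparsable addresses."""
    try:
        return ipaddress.ip_address(addr).is_unspecified
    except ValueError:
        return False

def classify(alert):
    """Per the reply: 0.0.0.0 means the address was not recorded in the summary."""
    hidden = [k for k in ("Attacker IP", "Target IP")
              if is_unspecified(alert.get(k, ""))]
    return "summary (no address for: %s)" % ", ".join(hidden) if hidden else "per-event"

def hosts_for_correlation(alert):
    """Only real addresses, so 0.0.0.0 never becomes a watch-list entry."""
    return [alert[k] for k in ("Attacker IP", "Target IP")
            if k in alert and not is_unspecified(alert[k])]

# Alert from the question, followed by a constructed per-event alert.
SUMMARY_ALERT = """Signature ID 1330
Signature Sub-ID 16
Signature Name TCP Drop - PAWS check failed
Attacker IP 0.0.0.0
Target IP 0.0.0.0
Target Port 0"""
PER_EVENT_ALERT = """Signature ID 1330
Signature Sub-ID 16
Attacker IP 192.0.2.10
Target IP 198.51.100.7
Target Port 443"""

if __name__ == "__main__":
    for raw in (SUMMARY_ALERT, PER_EVENT_ALERT):
        a = parse_alert(raw)
        print(a["Signature ID"], classify(a), hosts_for_correlation(a))
```
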
