I am getting several of these from diffrent PC's on the network. This is a brand new deployment of an IPS in our core 6500. I need to know where to start tracking down what this is and if its a flase positive. I changed the attaker IP for this post but they are coming from internal IP's on our network. I am also getting several from the same PC.
This signature fires for a host that crosses a threshold for non-established TCP connections or unacknowledged SYN packets sent to multiple addresses on an identical TCP port and may indicate worm-like scanning.
It would be beneficial to investigate the host listed as the attacker and determine if this is expected behavior or if the host is compromised.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...