Cisco Support Community

New Member

CSA server polling server on port 0

We have a server that keeps kicking alerts to our intrusion detection system.

The alert is showing that the CSA server is polling the server on UDP port 0 and the IDS system says this is an invalid port.

The originating port on the CSA server is random.

Is there any reason for CSA to be polling a server on port 0?

This is the only error we are getting like this.

Does anyone have an idea as to what this may be?

3 REPLIES
Silver

Re: CSA server polling server on port 0

If you are seeing the alerts on the IPS with a port of 0, you are actually seeing the sensor summarize events. If you change the firing signature to "Fire All", you will see the true port.

Cheers.

Jay

New Member

Re: CSA server polling server on port 0

Thanks for the reply.

Since I know nothing about the IDS, how would this be changed and is it something that is easy to do?

Silver

Re: CSA server polling server on port 0

You have to edit the signature configuration for that particular signature. Then look for the summarization parameters. Change it to Fire All.
