We've recently noticed that the Source and Destination addresses in the IDS 3001 alarms have been reversed, that is the source address is reported in the dest adress field, and the dest address is placed in the source address field. This is happening in the NetRanger log itself. We cross-checked the alarms with the actual sessions we're seeing to verify that this is occurring?
We're still running CIDS 2.2.1, with packetd version of 2.2.1.8. Is there a reason the addresses have been flipped?