Cisco Support Community

New Member

IDS Signature 3001 Flipping Source and Dest Addresses

We've recently noticed that the Source and Destination addresses in the IDS 3001 alarms have been reversed, that is, the source address is reported in the dest address field, and the dest address is placed in the source address field. This is happening in the NetRanger log itself. We cross-checked the alarms with the actual sessions we're seeing to verify that this is occurring.

We're still running CIDS 2.2.1, with packetd version of 2.2.1.8. Is there a reason the addresses have been flipped?

1 REPLY
New Member

Re: IDS Signature 3001 Flipping Source and Dest Addresses

I think there was a problem with a signature in the older sensors where the source/destination addresses were swapped in the context buffer. I remember this bug was found and fixed somewhere around the 2.5 code release. In any case, you should upgrade to 3.0. 2.2.1.8 is falling behind very quickly in signature coverage. Doing this should also fix the bug I think you’re running into.
