-
July 14th, 2008, 09:53 PM
#1
Junior Member
IDS Event Logging Question
Hi Guys,
Quick question about IDS event logging. If I see an "Attacker Address" of 0.0.0.0, is it safe to assume that the source was spoofed?
Also, if I see an "Attacker Address" of 1.2.3.4, for example, with a target address of 0.0.0.0, what target is the attacker going after?
Thanks!
--B
-
July 15th, 2008, 07:37 AM
#2
Knowing what IDS generates these messages might help?
Oliver's Law:
Experience is something you don't get until just after you need it.
-
July 15th, 2008, 12:43 PM
#3
Junior Member
-
July 15th, 2008, 01:43 PM
#4
Right.. Have a look at the original (IP) packets that triggered the alert
Oliver's Law:
Experience is something you don't get until just after you need it.
Similar Threads
-
By Negative in forum The Security Tutorials Forum
Replies: 12
Last Post: June 2nd, 2004, 01:09 AM
-
By AngelicKnight in forum AntiVirus Discussions
Replies: 2
Last Post: January 23rd, 2004, 05:15 AM
-
By PhiDelt101 in forum General Computer Discussions
Replies: 7
Last Post: December 12th, 2003, 04:41 AM
-
By ChazJC in forum Microsoft Security Discussions
Replies: 3
Last Post: June 20th, 2002, 10:32 PM
-
By smirc in forum AntiOnline's General Chit Chat
Replies: 3
Last Post: May 13th, 2002, 03:24 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|