Results 1 to 4 of 4

Thread: IDS Event Logging Question

  1. #1
    Junior Member
    Join Date
    Jun 2004
    Posts
    5

    IDS Event Logging Question

    Hi Guys,

    Quick question about IDS event logging. If I see an "Attacker Address" of 0.0.0.0, is it safe to assume that the source was spoofed?

    Also, if I see an "Attacker Address" of 1.2.3.4, for example, with a target address of 0.0.0.0, what target is the attacker going after?

    Thanks!
    --B

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Knowing what IDS generates these messages might help?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Junior Member
    Join Date
    Jun 2004
    Posts
    5

    They're Cisco IPS 4260s*

    ****

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Right.. Have a look at the original (IP) packets that triggered the alert
    Oliver's Law:
    Experience is something you don't get until just after you need it.

Similar Threads

  1. Read Me First
    By Negative in forum The Security Tutorials Forum
    Replies: 12
    Last Post: June 2nd, 2004, 01:09 AM
  2. Understanding the eTrust Antivirus Event Log
    By AngelicKnight in forum AntiVirus Discussions
    Replies: 2
    Last Post: January 23rd, 2004, 05:15 AM
  3. Someone PLEASE HELP: (router;NIC;DHCP;IP)<-HELP
    By PhiDelt101 in forum General Computer Discussions
    Replies: 7
    Last Post: December 12th, 2003, 04:41 AM
  4. Local Audit Policy/Security Event Viewer
    By ChazJC in forum Microsoft Security Discussions
    Replies: 3
    Last Post: June 20th, 2002, 10:32 PM
  5. Test Your Knowledge of Redhat?
    By smirc in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: May 13th, 2002, 03:24 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •