[9.060][MYTH] IPS destination not showing

Hello ,

please check image

2013:01:25-10:56:50 acenn snort[6091]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="APP-DETECT SSH server detected on non-standard port" group="243" srcip="192.168.3.125" dstip="192.168.2.157" proto="6" srcport="5522" dstport="1447" sid="13586" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

thanks

Parents

0 kofi over 12 years ago

Hello utm_kid,

in the column destination hosts you only see the count of the destination hosts.

This is because for one source address there could be more than one destination host, so only the count of destinations make sense at this point.

Best,

Kofi
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 kofi over 12 years ago

Hello utm_kid,

in the column destination hosts you only see the count of the destination hosts.

This is because for one source address there could be more than one destination host, so only the count of destinations make sense at this point.

Best,

Kofi
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 utm_kid over 12 years ago in reply to kofi

Hello utm_kid,

This is because for one source address there could be more than one destination host, so only the count of destinations make sense at this point.

Kofi

Hello Kofi ,

Sorry i don't understand ,can you please explain to me again
with example
or can you explain me with this actual log entry in ips

2013:01:25-10:56:50 acenn snort[6091]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="APP-DETECT SSH server detected on non-standard port" group="243" srcip="192.168.3.125" dstip="192.168.2.157" proto="6" srcport="5522" dstport="1447" sid="13586" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0"

thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel