Thread Info
  • State Not Answered
  • Replies 7 replies
  • Subscribers 0 subscribers
  • Views 1660 views
  • Users 0 members are here
Options
Suggested

[9.060][MYTH] IPS destination not showing

utm_kid
Hello ,

please check image 


2013:01:25-10:56:50 acenn snort[6091]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="APP-DETECT SSH server detected on non-standard port" group="243" srcip="192.168.3.125" dstip="192.168.2.157" proto="6" srcport="5522" dstport="1447" sid="13586" class="Generic Protocol Command Decode" priority="3" generator="1" msgid="0" 


thanks
Parents
  • 0
    Utm kid,
    Kofi provided you the correct answer for your image question. One source IP can have a number of destinations hosts (1, 2, 3, etc). 

    What parameters do you want to know from the log entry? [I think most entries make sense]
  • 0 in reply to Tinkerbell
    if you check at ips log where it show you src and dest both then why cant image show src and destination 

    as i provided in the log
  • 0 in reply to utm_kid
    2013:01:25-08:21:45 acenn snort[6038]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="PROTOCOL-ICMP Destination Unreachable Network Unreachable" group="410" srcip="192.168.7.100dstip="192.168.7.135" proto="1" srcport="0" dstport="0" sid="401" class="Misc activity" priority="3"  generator="1" msgid="0"

    2013:01:25-10:56:50 acenn snort[6091]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="APP-DETECT SSH server detected on non-standard port" group="243" srcip="192.168.3.125dstip="192.168.2.157" proto="6" srcport="5522" dstport="1447" sid="13586" class="Generic Protocol Command Decode" priority="3"  generator="1" msgid="0"

    if you look at this image here also it miss some thing but

    This is my last attempt  if you stil think its myth i have no problem 
Reply
  • 0 in reply to utm_kid
    2013:01:25-08:21:45 acenn snort[6038]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="PROTOCOL-ICMP Destination Unreachable Network Unreachable" group="410" srcip="192.168.7.100dstip="192.168.7.135" proto="1" srcport="0" dstport="0" sid="401" class="Misc activity" priority="3"  generator="1" msgid="0"

    2013:01:25-10:56:50 acenn snort[6091]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="APP-DETECT SSH server detected on non-standard port" group="243" srcip="192.168.3.125dstip="192.168.2.157" proto="6" srcport="5522" dstport="1447" sid="13586" class="Generic Protocol Command Decode" priority="3"  generator="1" msgid="0"

    if you look at this image here also it miss some thing but

    This is my last attempt  if you stil think its myth i have no problem 
Children
No Data