TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------


Jaime,

  I use this event more for telling me what types of protocols are being
used on my network. You want to run down the device that is using protocol
54 and make sure that's what it is supposed to be doing. Once you've
established this is correct, you can place NARP on the ignore list.

 This event hasn't detected suspicious activity for me yet, just unusual
protocols. Also, when you place a protocol on the ignore list and then
apply the policy, make sure you reboot the sensor that you applied the
policy to. Otherwise, it will not ignore that particular protocol.

Chris Mahn




                                                                                       
                     
jfontelera@SOLANOCOUNTY.COM
Sent by: owner-issforum@iss.net
07/12/2001 12:30 PM

To:      [EMAIL PROTECTED]
cc:
bcc:
Subject: Logs Analysis







I received this email alert from my network sensor. The information about
this alert given by RealSecure is that attackers use non-standard protocols
so that they go undetected.  I replaced the real IP with x.x.x.x.
The advice was to check the type of protocol. In this case it's protocol
54 (NARP).
Does anyone have any idea about this type of alert?

Thanks,
Jaime






'IPUnknownProtocol' event detected by the RealSecure sensor at
'realsecure'.
Details:
           Source Address: 169.237.30.199
           Source Port:
           Source MAC Address: 08:00:02:2A:7C:CD
           Destination Address: x.x.x.x
           Destination Port:
           Destination MAC Address: xx:xx:xx:xx:xx:xx
           Time: Thursday, July 12, 2001 01:07:18
           Protocol: NARP (54)
           Priority: high
           Actions mask: 0x244
           Event Specific Information:
                     PROTOCOL: 54 (NARP)
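
An added example, not part of either message and not RealSecure code: a small Python triage script for the workflow Chris describes, which parses the alert e-mail above and reports the source to run down unless that source and protocol were already reviewed. The `REVIEWED` inventory, its sample entry and the action names are assumptions made for illustration; the sensor's own ignore list is configured in its policy, not here.

```python
import re

# Constructed sample: the alert body quoted above, with the first line unwrapped.
SAMPLE_ALERT = """\
'IPUnknownProtocol' event detected by the RealSecure sensor at 'realsecure'.
Details:
           Source Address: 169.237.30.199
           Source Port:
           Source MAC Address: 08:00:02:2A:7C:CD
           Destination Address: x.x.x.x
           Time: Thursday, July 12, 2001 01:07:18
           Protocol: NARP (54)
           Priority: high
"""

# Hypothetical site inventory: (source address, IP protocol number) pairs that
# were run down and confirmed as expected. Constructed entry, not a sensor setting.
REVIEWED = {("10.0.0.5", 47)}

def parse_alert(text):
    """Return the event name and the 'Key: value' detail lines as a dict."""
    fields = {}
    m = re.search(r"'(\w+)' event detected", text)
    if m:
        fields["Event"] = m.group(1)
    for line in text.splitlines():
        # Split on the first colon only, so MAC addresses and times stay whole.
        key, sep, value = line.strip().partition(":")
        if sep and key and key != "Details":
            fields[key.strip()] = value.strip()
    return fields

def triage(text, reviewed=REVIEWED):
    """Decide what to do with one IPUnknownProtocol alert."""
    f = parse_alert(text)
    m = re.search(r"\((\d+)\)", f.get("Protocol", ""))
    if f.get("Event") != "IPUnknownProtocol" or not m:
        return {"action": "unparsed"}
    proto = int(m.group(1))
    src = f.get("Source Address", "")
    known = (src, proto) in reviewed
    return {
        "action": "already-reviewed" if known else "investigate-source",
        "protocol": proto,
        "source_ip": src,
        "source_mac": f.get("Source MAC Address", ""),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_ALERT))
```
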







