Hee Kiong wrote: >Hi, > >I have a server running whatsup application that monitors various >servers at a remote site by using ICMP ping. The whatsup server will >poll those servers every minute. I have an IDS installed at the remote >site to monitor the incoming and outgoing traffics. The whatsup server >has been running for about 1 1/2 years and only recently (2 months ago) >I saw the ping sweep events showed at the remote IDS. The event showed >me that the source IP is from the whatsup server and the destination IP >addresses are those various servers at the remote site. The whatsup >server is doing the ICMP sweep those servers and it is a valid event > >I would like to know why this happens only just recently whereas I >should see this event on the first day I got the whatsup server in >place. Is it possible that this is false positive reports? How can you >show that it is a false positive events? Hope to get some help here. Thanks > > > > Have there been any other changes to the network at the time this occured (2 months ago)? Maybe a change to router config is now passing pings.
_______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
