network scan in realsecure IDS

allan
Topic Author
Offline
New Member

18 years 11 months ago #10336 by allan

network scan in realsecure IDS was created by allan

when monitoring the network sensor, i've noticed there are network scan on tcp445. Some detail are as following:

Sensor event From to info

NIDS01 network scan X.X.X.X X.X.X.X count-750

That means the network sensor has detected 750 times of same event (network scan). Bur how can I verify the frequency? I mean, it is 750 times/per minutes or 750 times/per hour?
anybody can help?

jwj
Offline
Premium Member

18 years 11 months ago #10366 by jwj

Replied by jwj on topic Re: network scan in realsecure IDS

I'm very confident that this is a cumulative count. As far as finding time information, you'll have to look at the individual events to get a feel of the timing of these events. My look at ISS' RealSecure IDS 7.0 documentation did not indicate any way to filter your events by time received, it seems to just filter based on packet contents.

Here's a link to ISS' documentation on this IDS.

-Jeremy-

Time to create page: 0.112 seconds

Free Download

Get 2 VMs for FREE!

Download Now!

Free Download!

Get 2 VMs for FREE!

Free Download!

Manage your Network!

network scan in realsecure IDS