cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Attack with blank attacker ip or target ip

Dear All

I want to know that there are some attacks generated on nsm and these attacks have only attacker ip or target ip so I don't want to see these attacks either on dashboard or in report.Also I want that sensor ignore these type of attacks and don't take any action against it.

 

Kindly help me how I can do this on nsm?

3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Attack with blank attacker ip or target ip

Hi @User27622125 

For ignoring an alert, you can proceed by creating Ignore rule that will not trigger an alert. 

Kindly let me know the alert name for better understanding.

 

Regards,
Faizan

Was my reply helpful?
If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Highlighted

Re: Attack with blank attacker ip or target ip

Dear Faizan,

Alert name is given below:

TCP: SYN Host Sweep

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Attack with blank attacker ip or target ip

Hi @User27622125 

SYN Host Sweep is a reconnaissance category alert which is determined based on the threshold and timer values. The Sensor tracks the count of SYN packet and not the IP addresses generating the SYN Packet. Once the count exceeds the threshold values the alerts are triggered. 

Because the alerts are triggered based on the threshold, the IP addresses are not displayed. Which is by design.

 

Regards,
Faizan

Was my reply helpful?
If you find this post useful, please give it a Kudos! l Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community