526 Views 4 Replies Latest reply: Aug 2, 2013 5:25 AM by pul RSS
pul Newcomer 12 posts since
Jul 22, 2013

Jul 30, 2013 9:52 AM

IP zones

Does anyone know how I can make some sort of ZONES or similar of my network with IP subnets, so I can easily identify which Zone/Subnet generates an alert?

 

There is a column called ZONE, but I think it is only for NTBA for identifying inside/outside zones.

 

Suppose that the IPS is in a closed network. For example, this is what I can see in the alerts dashboard:

 

    Attack     | Source IP    | Src Port | Dest IP      | Dest Port
    -----------+--------------+----------+--------------+----------
    Attack AAA | 192.168.0.6  | 5555     | 192.168.10.3 | 445
    Attack BBB | 192.168.0.3  | 2222     | 192.168.1.5  | 445
    Attack CCC | 192.168.20.4 | 5555     | 192.168.10.5 | 445
    Attack AAA | 192.168.0.6  | 1111     | 192.168.2.5  | 445
    Attack BBB | 192.168.10.5 | 5555     | 192.168.9.9  | 445
    Attack AAA | 192.168.0.4  | 5555     | 192.168.6.5  | 445

 

And this is what I would like to get. As I know all the subnets in our network, I just need a quick way to see them.

 

    Attack     | Source IP    | Branch/Department | Src Port | Dest IP      | Branch/Department | Dest Port
    -----------+--------------+-------------------+----------+--------------+-------------------+----------
    Attack AAA | 192.168.0.6  | New York          | 5555     | 192.168.10.3 | Boston            | 445
    Attack BBB | 192.168.0.3  | Boston            | 2222     | 192.168.1.5  | Chicago           | 445
    Attack CCC | 192.168.20.4 | Miami             | 5555     | 192.168.10.5 | New York          | 445
    Attack AAA | 192.168.0.6  | Las Vegas         | 1111     | 192.168.2.5  | New York          | 445
    Attack BBB | 192.168.10.5 | Boston            | 5555     | 192.168.9.9  | New York          | 445
    Attack AAA | 192.168.0.4  | Boston            | 5555     | 192.168.6.5  | New York          | 445

 

 

Thanks for help.

  • gfergus1 McAfee SME 125 posts since
    Nov 4, 2009
    1. Jul 30, 2013 10:36 AM (in response to pul)
    Re: IP zones

    CIDR-based sub interfaces are what you want to look into. When traffic comes in on a specific interface, if it matches the CIDR block tagged on the sub interface, it will be given the name you specify on the sub interface.

    Policies can also be applied at the sub interface level once defined in this way.

  • gfergus1 McAfee SME 125 posts since
    Nov 4, 2009
    3. Jul 31, 2013 10:38 AM (in response to pul)
    Re: IP zones

    Details are on page 122 of the 7.5 device administration guide:

     

    http://kc.mcafee.com/corporate/index?page=content&id=PD24259
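
The CIDR-block-to-name matching described in the first reply can also be applied offline to exported alert rows. This is an added example, not part of the original thread and not McAfee's implementation; the zone table, the sample alerts, the function names and the most-specific-prefix-wins rule are all assumptions.

```python
import csv
import io
import ipaddress

# Constructed zone table: these subnet-to-branch assignments are assumptions
# for this example, not taken from the thread or from any product configuration.
ZONES = {
    "192.168.0.0/24": "New York",
    "192.168.10.0/24": "Boston",
    "192.168.20.0/24": "Miami",
    "192.168.0.0/16": "Other internal",  # catch-all supernet
}

# Constructed alert export, pipe-delimited, same columns as the dashboard view.
SAMPLE_ALERTS = """\
Attack AAA|192.168.0.6|5555|192.168.10.3|445
Attack CCC|192.168.20.4|5555|192.168.10.5|445
Attack BBB|192.168.10.5|5555|192.168.9.9|445
Attack AAA|10.1.2.3|5555|not-an-ip|445
"""

def build_zone_index(zones):
    """Parse each CIDR once and sort most-specific (longest prefix) first."""
    nets = [(ipaddress.ip_network(cidr), name) for cidr, name in zones.items()]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)

def zone_for(ip_text, index):
    """Return the zone name, or a marker for unmatched or malformed addresses."""
    try:
        addr = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return "INVALID"
    for net, name in index:
        if addr.version == net.version and addr in net:
            return name
    return "UNKNOWN"

def label_alerts(text, index):
    """Yield alert rows with a zone column inserted after each IP column."""
    rows = csv.reader(io.StringIO(text), delimiter="|")
    for attack, src, sport, dst, dport in rows:
        yield [attack, src, zone_for(src, index), sport,
               dst, zone_for(dst, index), dport]

if __name__ == "__main__":
    for row in label_alerts(SAMPLE_ALERTS, build_zone_index(ZONES)):
        print(" | ".join(row))
```

Addresses that fall outside every listed subnet are labelled UNKNOWN rather than dropped, so traffic from unexpected ranges stays visible in the output.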
