There are three likely scenarios that could have caused this message to appear:
- First, in the best case, it's a false alarm. Intrusion detection systems (IDSes) often generate false positive alerts. In order to determine if this is the case on your systems, you'll have to look at the details of the alerts and determine whether the packets triggering the alerts appear to be legitimate activity for your environment. What may be considered a legitimate packet on one network could be a rogue packet on another.
- The second possibility is that the intrusion attempt came from an infected system on the local network. If this is the case, the alert should still provide you with valuable information: the address of the system causing the alert. You should check that system for any signs of malicious activity.
- The final possibility is that your systems received the attack from outside your local network. In this case, you likely have a misconfiguration on your network firewall that allowed the traffic to reach the endpoint. Check your configuration and ensure that external traffic is not allowed into networks hosting endpoint systems without the use of a VPN.
Good luck tracking down the source of this attack!
Dig Deeper on Network Intrusion Detection (IDS)
Related Q&A from Mike Chapple
Cloud compliance issues are no reason for enterprises not to move to the cloud. Expert Mike Chapple explains why, as well as what to keep in mind ...continue reading
The GAO reported on SEC cybersecurity weaknesses, even though the SEC regulates cybersecurity. Expert Mike Chapple discusses the effects of this ...continue reading
Enterprise compliance can be a burden to manage, which is where a PCI ISA can be helpful. Expert Mike Chapple explains how a PCI Internal Security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.