Skip main navigation (Press Enter).

Imperva Cyber Community

View Only

Back to discussions

Expand all | Collapse all

Why my alerts/violations showing broadcast address from my imperva dam console

Agustin Cudiamat20 hours ago

Hi, Im having alerts/violations that is showing Source IP and destination IP as 255.255.255.255. I ...

SBISOC 443012 hours ago

Hi Agustin, IP 255.255.255.255 is a restricted broadcast address and s uch behaviour is noticed ...

1. Why my alerts/violations showing broadcast address from my imperva dam console

Like
Agustin Cudiamat
Posted 20 hours ago
Hi,

Im having alerts/violations that is showing Source IP and destination IP as 255.255.255.255. I analyze the alert/violations it's seems that it is running a schedule activity within the DB server. May I check in what situation will the DAM agent capture 255.255.255.255?

Is there a way to rectify this alert/violation is coming from the server actual IP?

Connection: 255.255.255.255 > 255.255.255.255

DB Application: microsoft sql server management studio

Operation: backup database

Normalized Query: declare query

#databasesecurity

#ImpervaAgent

#DAM

#DatabaseActivityMonitoring
#ImpervaAgent

------------------------------
Agustin Cudiamat
Field Engineer
Singapore
------------------------------
2. RE: Why my alerts/violations showing broadcast address from my imperva dam console

Like
SBISOC 4430
Posted 12 hours ago
Hi Agustin,

IP 255.255.255.255 is a restricted broadcast address and such behaviour is noticed for MS SQL databases whose activity logs in the DAM show IP 255.255.255.255 as both source and destination. It was fixed in the agent version v14.4P40.

Regards,

------------------------------
SBISOC 4430
Manager
Mumbai
------------------------------

Original Message

Powered by Higher Logic

Global message icon