Network Management

last person joined: 11 hours ago 

Keep an informative eye on your network with IMC and AirWave network management solutions.
Expand all | Collapse all

Airwave Causing false positive alerts

Jump to Best Answer
  • 1.  Airwave Causing false positive alerts

    Posted Nov 21, 2014 09:04 AM

    I periodically receive an alert from my APC device regarding an unauthorized FTP attempt from my airwave server.

     

    I beleive it may be related to Rapids but not entirely sure.

     

    Does anyone have any suggestions on preventing this?



  • 2.  RE: Airwave Causing false positive alerts
    Best Answer

    Posted Nov 21, 2014 12:14 PM

    -moved post to correct topic area

     

    Is the FTP initialized from the AirWave server?  Or is it an inbound request from a device to the AirWave server?  AirWave can also be an FTP server, but that's only used if devices are trying to get firmware updates from AirWave.  RAPIDS should not be doing anything FTP related.

     

    I also suggest taking this up as a support case with TAC.  Along with a tcpdump capture of all traffic between your APC and the AirWave server.



  • 3.  RE: Airwave Causing false positive alerts

    Posted Nov 24, 2014 11:16 AM

    It appears to be a FTP request initialized by the Airwave Server.

     

    I will contact TAC.

     

    Thanks



  • 4.  RE: Airwave Causing false positive alerts

    Posted Dec 14, 2015 09:02 AM

    Hi curtinat,

     

    I know this thread is somewhat old but did you ever get a resolution on this issue from TAC?

     



  • 5.  RE: Airwave Causing false positive alerts

    Posted Jan 22, 2016 01:43 PM

    For any other users running into this same issue I contacted TAC on this and am told that on the RAPIDS tab (under "Setup") there is the "Auto OS Scan Rogue Devices" option which is what causes AirWave to perform an NMAP scan of network devices to obtain OS information.  TAC recommended either turning this off (which would turn off OS detection on all rogue devices as there is no option to disable it for a single device) or turning off that particular e-mail alert on the UPS device (or other network device) that is generating the alert(s).