Event ID 4963 - IPsec dropped an inbound clear text packet that should have been secured.
|Description||IPsec dropped an inbound clear text packet that should have been secured.|
This log data gives the following information:
- Remote network address
- Inbound SA SPI
Reasons to monitor this event:
- If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected.
- This can also be caused by the remote computer changing its IPsec policy without informing this computer.
- This could also be a spoofing attack attempt.
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all IPsec security associations, helping you meet your security, operational, and compliance needs with absolute ease.
Event 4963 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10