Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
4
Helpful
2
Replies

TCP Segment Overwrite

Tim Armstrong
Level 1
Level 1

‎03-21-2007 04:42 AM - edited ‎03-10-2019 03:31 AM

I have an IPS4215 installed behind a 515E firewall. When clients use the Cisco VPN Client to connect to the firewall (and access a sensitive server behind it) I get multiple hits on Sig 1300/0 TCP Segment Overwrite. Summarization keeps the number of counts down, but sometimes I'm seeing 200+ events per connection. I need to determine how this should be tuned.

Where can I find more information about the specifics of this signature? I'm not clear from the NSDB why this would occur in this case.

Labels:
0 Helpful
2 Replies 2

ishah
Level 1
Level 1

‎03-22-2007 04:00 PM

Hi,

We see these every time we install a Cisco Sensor in default mode.

I think it is over sensitive, I have been meaning to see some data to TAC to let Cisco look at it as we see it on every 5.X sensor we install.

Tim Armstrong
Level 1
Level 1
In response to ishah

‎03-23-2007 04:32 AM

Hi,

Since I'm not the only one with the problem, I'll try to open a TAC today and see where this goes. I'll post progress here.

Thanks for the reply!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card