03-21-2007 04:42 AM - edited 03-10-2019 03:31 AM
I have an IPS4215 installed behind a 515E firewall. When clients use the Cisco VPN Client to connect to the firewall (and access a sensitive server behind it) I get multiple hits on Sig 1300/0 TCP Segment Overwrite. Summarization keeps the number of counts down, but sometimes I'm seeing 200+ events per connection. I need to determine how this should be tuned.
Where can I find more information about the specifics of this signature? I'm not clear from the NSDB why this would occur in this case.
03-22-2007 04:00 PM
Hi,
We see these every time we install a Cisco Sensor in default mode.
I think it is over sensitive, I have been meaning to see some data to TAC to let Cisco look at it as we see it on every 5.X sensor we install.
03-23-2007 04:32 AM
Hi,
Since I'm not the only one with the problem, I'll try to open a TAC today and see where this goes. I'll post progress here.
Thanks for the reply!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide