Windows DCOM Overflow (Internal Servers)

Unanswered Question
Jun 26th, 2008

We've just received these new appliances and I've been trying to make heads or tails of messages received about "attacks".

This is the message that I'm getting

Windows DCOM Overflow 5588/0 droppedPacket, deniedFlow, tcpOneWayResetSent 445 60 95

I have a DC and five Satellite Servers and there all on a VPN and they replicate. This is a constent "attack" that I'm getting. I've made filters to make sure that the Network IP's in question are exempt from this signature.

I also did a DCdiag on the Domain Controler. This is not the only signature that I get that my DC is "attacking" other IP's within the Network....Here's my device and versions..

IPS ver. 6.1(1) E2

Device Type: ASA-SSM 10

ASDM= ASA Ver. 8.0 (2)

Device Type: ASA5510

ASDM ver 6.0(2)

I know that it can't be anything that is making the Servers comprimised, but I'm trying to narrow this down. I really don't want to disable the signature for fear of allowing anything from the outside coming in.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion