We've just received these new appliances and I've been trying to make heads or tails of messages received about "attacks".
This is the message that I'm getting:
Windows DCOM Overflow 5588/0 192.168.3.34 192.168.1.7 droppedPacket, deniedFlow, tcpOneWayResetSent 445 60 95
I have a DC and five Satellite Servers and they're all on a VPN and they replicate. This is a constant "attack" that I'm getting. I've made filters to make sure that the Network IPs in question are exempt from this signature.
I also did a DCdiag on the Domain Controller. This is not the only signature that I get that my DC is "attacking" other IPs within the Network... Here's my device and versions:
IPS ver. 6.1(1) E2
Device Type: ASA-SSM 10
ASDM= ASA Ver. 8.0 (2)
Device Type: ASA5510
ASDM ver 6.0(2)
I know that it can't be anything that is making the Servers compromised, but I'm trying to narrow this down. I really don't want to disable the signature for fear of allowing anything from the outside coming in. My gut feeling is that it's a false positive. Anyone else have this issue?
Same issue with a sig firing of 3337/0 Windows RPC Race condition... This one is firing from my DC to my satellite office servers... All are healthy btw.