Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Anyone having issues with Signature 41846/1?

S625 got applied to one of our IDS sensors this morning and 41846/1 is firing like crazy.  The Attacker IPs are all internal IPs and all over the board, not just one or two different IPs.  Some of the targets are internal and some are external.  Just wondering if anyone else has noticed this in their environment.

Everyone's tags (1)
8 REPLIES
Community Member

Anyone having issues with Signature 41846/1?

Yes, I've noticed a lot of matches of that siganture.

The difference in my case is that Attacker IP always is our web proxy, and targets are in most cases Adobe's sites or sites belonging to ThePlanet.com Internet Services, Inc.

Community Member

Anyone having issues with Signature 41846/1?

I am seeing it too. Just started yesterday right after a signiture update. I had to disable the sig because it was firing so much. Freaked me out at first. I checked the IPs is was reporting on and none of them were of bad reputation. In my case, we would have internal IPs attempting contact to an external address which varied quite a bit. Wish Cisco would vet these better.

Community Member

Anyone having issues with Signature 41846/1?

Same here. Legitimate traffic being flagged. I've disabled this sig for now.

Community Member

Anyone having issues with Signature 41846/1?

Anyone have an update on this??  We are seeing the same thing and it is worse today than yesterday.

Community Member

Anyone having issues with Signature 41846/1?

It blew up on us.  Packet captures look like it's matching on any(?) aspx.  Disabled/filtered it.  Signature needs to be fixed!

Cisco Employee

Anyone having issues with Signature 41846/1?

yes, we are looking into this issue. The signature will be updated asap.

Community Member

Anyone having issues with Signature 41846/1?

Yep, same issue over here.  Thanks to rupadras for noting a fix is in the works. 

Cisco Employee

Anyone having issues with Signature 41846/1?

As you may have noticed, the signature was updated in S626 released last night.

585
Views
0
Helpful
8
Replies
CreatePlease to create content