Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS 4240 seems to be dropping legitimate packets

I have an IPS 4240 installed in between my customers Outside Firewall and his Internet Router.

I have been receiving excessive Alarms from the IPS with respect to a match on signature ID:1300/0. This is allegedly a TCP Segment Overright. The addresses are the addresses of a DNS server provided by our ISP, and then our Front End Mail Server in our DMZ. Is this most likely a false positive, or is it a crafted packet that could be an attack?

1 REPLY

Re: IPS 4240 seems to be dropping legitimate packets

We see this signature fire all the time for hosts about whom we are sure that they are not HaX0RiNG our network :)

Regards

Farrukh

137
Views
0
Helpful
1
Replies
CreatePlease login to create content