Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Bronze

IPS high alerts with Cisco sites as the attacker?

Has anyone else recently been getting Alerts on the below signatures while accessing Cisco sites?

Windows Shell External Handler

Apache mod_proxy Buffer Overflow

3340:0

3883:0

The above two alerts listed ftp-sj.cisco.com as the attacker and my CS-Manager as the victim. I assume this is during IPS signature file downloads.

While searching the Cisco forums about the above issue, I received an alert on sig 3440 with tools.cisco.com as the attacker and my personal PC as the victim.

Thanks for any info.

2 REPLIES
Bronze

Re: IPS high alerts with Cisco sites as the attacker?

It appears the alert that fired on 3440 with tools.cisco.com as the attacker occured while I was looking up the 3440 signature on MySDN. I believe the signature description contains the trigger for this alert "=shell".

113
Views
0
Helpful
2
Replies