
S424 signature SQLPing3 issue with Fping traffic

The S424 contains a new signature "SQLPing3" (Signature ID: 19840/0) which in our IDS system triggers on FPing traffic.

The SQLPing3 triggers on an 8-byte null content of the data part of the ICMP packet; apparently FPing shapes its data exactly the same way, effectively causing a "false" alert.

The RFC for ICMP suggests the data part has no restrictions on its content; it may be all 0.

Has anyone noted this issue before or are there any restrictions known to the content of the ICMP data we are not aware of?
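The payload condition described in the post above, as an added example that is not part of the original post or Cisco's signature logic. It assumes the match condition is exactly what the poster describes (an ICMP echo message whose data part is 8 zero bytes); the function names and the sample packets are constructed for illustration.

```python
import struct

ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (16-bit one's complement sum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request with a valid checksum (constructed input)."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload

def classify(icmp: bytes) -> str:
    """Classify an ICMP message (IP header already stripped) by its data part."""
    if len(icmp) < 8:
        return "truncated"
    icmp_type, code = struct.unpack("!BB", icmp[:2])
    # A message with a correct checksum sums to zero when re-checksummed.
    if inet_checksum(icmp) != 0:
        return "bad-checksum"
    # Assumption: only echo request/reply are of interest here.
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        return "not-echo"
    payload = icmp[8:]
    # The condition from the post: data part is exactly 8 bytes, all zero.
    if payload == bytes(8):
        return "null-8-byte-payload"
    return "other-payload"

if __name__ == "__main__":
    # Constructed samples: an all-zero 8-byte data part and a non-zero one.
    for data in (bytes(8), b"abcdefgh", bytes(56)):
        print(len(data), classify(build_echo(0x1234, 1, data)))
```

Any sender that fills the data part with 8 zero bytes lands in the same class, so under the poster's description the payload alone cannot tell a monitoring probe from the traffic the signature targets; triage has to use context outside the payload, such as the sending host.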
