Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Sig 3250 -3251

Is anyone else getting over run with these signatures firing for no apparent reason?

2 REPLIES
New Member

Re: Sig 3250 -3251

Yes, I also see quite a lot of these (3251) from virtualized web and VPN environments. Sometimes this sig can fire because of packet trickery involved with some of environment protocols. I'm interested to hear what others are doing, or if this Sig is ever actionable.

New Member

Re: Sig 3250 -3251

If you have not already done so, I would recommend upgrading your sensors to 5.1(3).

In 5.1(2) (this service pack is not available on CCO anymore), the following bugid is noted:

CSCsd00877 TCP Hijack signatures false positive.

In our environments, this has helped. Still get the occassional events, but not the large amount as before.

307
Views
0
Helpful
2
Replies
CreatePlease to create content