03-14-2006 01:03 AM - edited 03-10-2019 01:55 AM
Regarding above signature, I already checking on my exchange server (2003 with SP2) and confirmed we are patching with MS05-021 (KB894549) but there is still huge alarm fire between my exchange servers on this signature daily.
Any1 experienced this before? Mind to sharing your advice? thanks and appreciate it.
03-14-2006 05:30 AM
If your exchange server's are patched and are not vulnerable you have the option to either filter or disable this signature.
If you suspect false positives would you be able to provide some traffic samples or at least some show event outputs? It would greatly help in improving the signature.
You can e-mail me directly at jlimbo@cisco.com and I will provide you with my pgp key.
Thanks,
Jonathan
03-14-2006 08:12 AM
we saw the same thing (false positives on traffic between exchange servers). We just turned it off.
03-17-2006 10:57 AM
Hi dude.
Are you just turn off this signature or filtered out your exchange server on this signature?
Can CISCO doing something on this Signature? appreciate it.
03-22-2006 07:28 AM
We just turned the signature off. I'm not in an environment where complicated filtering is feasible. There are exceptions, but if a false-postive alarm is cluttering up my display, it's gone. It helps that we're patched for this vuln.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: