Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TCP Segment Overwrite

I have an IPS4215 installed behind a 515E firewall. When clients use the Cisco VPN Client to connect to the firewall (and access a sensitive server behind it) I get multiple hits on Sig 1300/0 TCP Segment Overwrite. Summarization keeps the number of counts down, but sometimes I'm seeing 200+ events per connection. I need to determine how this should be tuned.

Where can I find more information about the specifics of this signature? I'm not clear from the NSDB why this would occur in this case.

2 REPLIES
New Member

Re: TCP Segment Overwrite

Hi,

We see these every time we install a Cisco Sensor in default mode.

I think it is over sensitive, I have been meaning to see some data to TAC to let Cisco look at it as we see it on every 5.X sensor we install.

New Member

Re: TCP Segment Overwrite

Hi,

Since I'm not the only one with the problem, I'll try to open a TAC today and see where this goes. I'll post progress here.

Thanks for the reply!

269
Views
4
Helpful
2
Replies
CreatePlease login to create content