Cisco Support Community

TCP Segment Overwrite

I'm getting ~330,000 "TCP Segment Overwrite" alerts a day from the 6 IDS/IPS sensors. The destinations of these packets are 0.0.0.0 or internal IPs (10.x.x.x). The source IP is mostly an internal subnet (10.x.x.x). Do I need to investigate these events/alerts? What do we need to monitor for this event? Do we need to monitor traffic originating from external sources?

1 REPLY

Re: TCP Segment Overwrite

We turned the sig off since it didn't seem to provide any value.
