I have a DC and five Satellite Servers and there all on a VPN and they replicate. This is a constent "attack" that I'm getting. I've made filters to make sure that the Network IP's in question are exempt from this signature.
I also did a DCdiag on the Domain Controler. This is not the only signature that I get that my DC is "attacking" other IP's within the Network....Here's my device and versions..
IPS ver. 6.1(1) E2
Device Type: ASA-SSM 10
ASDM= ASA Ver. 8.0 (2)
Device Type: ASA5510
ASDM ver 6.0(2)
I know that it can't be anything that is making the Servers comprimised, but I'm trying to narrow this down. I really don't want to disable the signature for fear of allowing anything from the outside coming in. My gut feeling is that its a false positive anyone else have this issue?
Same issue with a sig firing of 3337/0 Windows RPC Race condition....This one is firing from my DC to my sattelite office servers....All are healthy btw.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...