Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Signature 3323 RF Poison

I upgraded to 4.1-3-S61 and am now getting several rf poison signatures throught the internal network. Does anybody know what process might trigger this alert and how to filter it other than disabling the sig?

  • Other Security Subjects
Cisco Employee

Re: Signature 3323 RF Poison

We have had several cases of 3323 firing since S61. We made some changes to the SMB engine in order to cover the lastest Microsoft vulnerabilities. It appears that in doing so, the 3323 logic loosened up and is now false positive firing. We recommend disabling the signature and will work on having it fixed in the next signature update.

Scott C

New Member

Re: Signature 3323 RF Poison

I have been getting large amounts of events at the mgt station for the signature SMB:RFPoison Attack ID: 3323. Can you tell me if the problem that was addressed in this thread has been resolved? i am a 4.1-3s81 on the sensors

Cisco Employee

Re: Signature 3323 RF Poison

There is a fix in the upcoming 4.1.4 release

This widget could not be displayed.