Cisco Support Community

New Member

Windows RPC Dcom overflow

Has anyone discovered any benign triggers for this signature yet? It's triggered a few times on my network and the machines are clean.

thanks,

biz

6 REPLIES
New Member

Re: Windows RPC Dcom overflow

Which version are you running? Which signature is firing (subsig)?

New Member

Re: Windows RPC Dcom overflow

ID: 3327 Sub ID: 0

Sensor Info:

Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S57

New Member

Re: Windows RPC Dcom overflow

Are the systems triggering the alarms servers, workstations, or both? Load-balancing between servers may cause this alarm to fire. I have heard that the SMS agent under certain circumstances will fire a false positive. Need more information.

New Member

Re: Windows RPC Dcom overflow

They are triggering from workstation to server. Only 3 at this point.

Cisco Employee

Re: Windows RPC Dcom overflow

Could you set the sensor up to capture the trigger packet? When you get one that you believe is a false positive, we can then help extract that alarm and we will be able to analyze what is causing it.

You can contact Tony Hall at anthall@cisco.com when you have a suspect.

New Member

Re: Windows RPC Dcom overflow

Sure will... thanks.
