https://community.cisco.com/t5/network-security/sig-name-cucm-cti-dos/m-p/1457850#M67025 <P>I am seeing Sig ID: 6799 Subsig 0 a lot on our 4215.</P><P>Sig Name: CUCM CTI DoS<BR />Sig ID: 6799<BR />Severity: Medium<BR />Risk Rating: 66<BR />Sig Version: S448</P><P></P><P>I am looking for more information regarding this alert, is this flase positive?</P> Sun, 10 Mar 2019 12:02:56 GMT FIS-Global FIS-ProNet 2019-03-10T12:02:56Z https://community.cisco.com/t5/network-security/sig-name-cucm-cti-dos/m-p/1457850#M67025 <P>I am seeing Sig ID: 6799 Subsig 0 a lot on our 4215.</P><P>Sig Name: CUCM CTI DoS<BR />Sig ID: 6799<BR />Severity: Medium<BR />Risk Rating: 66<BR />Sig Version: S448</P><P></P><P>I am looking for more information regarding this alert, is this flase positive?</P> Sun, 10 Mar 2019 12:02:56 GMT https://community.cisco.com/t5/network-security/sig-name-cucm-cti-dos/m-p/1457850#M67025 FIS-Global FIS-ProNet 2019-03-10T12:02:56Z https://community.cisco.com/t5/network-security/sig-name-cucm-cti-dos/m-p/1457851#M67028 <HTML><HEAD></HEAD><BODY><P>The best place to begin research on Cisco IPS signature issues is the Cisco IntelliShield site:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/security">http://www.cisco.com/security</A></P><P></P><P>For this specific signature, the details are outlined here:</P><P></P><P><A class="jive-link-external-small" href="http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=6799&amp;signatureSubId=0&amp;softwareVersion=6.0&amp;releaseVersion=S448">http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=6799&amp;signatureSubId=0&amp;softwareVersion=6.0&amp;releaseVersion=S448</A></P><P></P><P>Details of the exploit detected are outlined here:</P><P></P><P><A class="jive-link-external-small" href="http://tools.cisco.com/security/center/viewAlert.x?alertId=16136">http://tools.cisco.com/security/center/viewAlert.x?alertId=16136</A></P><P></P><P>Without being able to see the traffic which triggered the signature it will not be possible to determine whether this is a false positivie or not.&nbsp; Specific network conditions will assist more accurately determining the validity of the event.</P><P></P><P>Scott</P></BODY></HTML> Fri, 02 Jul 2010 18:26:22 GMT https://community.cisco.com/t5/network-security/sig-name-cucm-cti-dos/m-p/1457851#M67028 Scott Fringer 2010-07-02T18:26:22Z