https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481952#M95002 <HTML><HEAD></HEAD><BODY><P>Can you please send me some more information and we can look into refining this signature.</P><P></P><P>An IPLog dmp file or a traffic capture would help me dig into the cause of the false positive.</P><P></P><P>-jonathan</P></BODY></HTML> Tue, 29 Nov 2005 15:51:40 GMT jlimbo 2005-11-29T15:51:40Z https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481951#M95001 <P>The signature id 5648 (Tomcat Denial of Service Attack) seams to be prone to false positives.... </P><P></P><P>We have seen in a number of incidents, that when the destination of this attack uses the ephemeral port of 8007 with an established connection on TCP port 80, the signature is often triggered. The signature looks for the content \xfe\x0f</P><P></P><P>Is anyone else seeing this problem?</P> Sun, 10 Mar 2019 09:46:31 GMT https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481951#M95001 darin.marais 2019-03-10T09:46:31Z https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481952#M95002 <HTML><HEAD></HEAD><BODY><P>Can you please send me some more information and we can look into refining this signature.</P><P></P><P>An IPLog dmp file or a traffic capture would help me dig into the cause of the false positive.</P><P></P><P>-jonathan</P></BODY></HTML> Tue, 29 Nov 2005 15:51:40 GMT https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481952#M95002 jlimbo 2005-11-29T15:51:40Z https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481953#M95003 <HTML><HEAD></HEAD><BODY><P>i replied to you with the information you requested offline</P></BODY></HTML> Thu, 01 Dec 2005 14:32:54 GMT https://community.cisco.com/t5/network-security/tomcat-denial-of-service-attack/m-p/481953#M95003 darin.marais 2005-12-01T14:32:54Z