Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
2
Replies

IE Action Handler Overflow

mcartoz33
Level 1
Level 1

‎03-23-2006 07:10 AM - edited ‎03-10-2019 01:56 AM

Has anyone else been seeing large occurences of this signature from what appears to be normal web application/browsing activity? No further tuning of the sig has been performed.

Labels:
0 Helpful
2 Replies 2

hendetl
Level 1
Level 1

‎03-23-2006 11:07 AM

Just waiting on the tuned sig - I hope, I hope, I hope. If it doesn't come soon, we'll have to filter it or turn it off.

0 Helpful

jdal
Cisco Employee
Cisco Employee

‎03-24-2006 07:36 AM

If you are seeing that signature firing, that means you or your users are browsing a web page including more than 2000 script action handlers.

That is possible but shouldn't be so common. I'd suggest to increase the Event Count value to something bigger.

The risk in this case would be to miss a real attack.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card