cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
250
Views
0
Helpful
1
Replies

IPS 4240 seems to be dropping legitimate packets

Kevin Melton
Explorer
Explorer

I have an IPS 4240 installed in between my customers Outside Firewall and his Internet Router.

I have been receiving excessive Alarms from the IPS with respect to a match on signature ID:1300/0. This is allegedly a TCP Segment Overright. The addresses are the addresses of a DNS server provided by our ISP, and then our Front End Mail Server in our DMZ. Is this most likely a false positive, or is it a crafted packet that could be an attack?

1 Reply 1

Farrukh Haroon
Engager
Engager

We see this signature fire all the time for hosts about whom we are sure that they are not HaX0RiNG our network :)

Regards

Farrukh

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: