Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
1
Replies

IPS 4240 seems to be dropping legitimate packets

Kevin Melton
Level 2
Level 2

‎09-04-2008 11:11 AM - edited ‎03-10-2019 04:17 AM

I have an IPS 4240 installed in between my customers Outside Firewall and his Internet Router.

I have been receiving excessive Alarms from the IPS with respect to a match on signature ID:1300/0. This is allegedly a TCP Segment Overright. The addresses are the addresses of a DNS server provided by our ISP, and then our Front End Mail Server in our DMZ. Is this most likely a false positive, or is it a crafted packet that could be an attack?

Labels:
0 Helpful
1 Reply 1

Farrukh Haroon
VIP Alumni
VIP Alumni

‎09-06-2008 11:38 PM

We see this signature fire all the time for hosts about whom we are sure that they are not HaX0RiNG our network :)

Regards

Farrukh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card