Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
412
Views
0
Helpful
2
Replies

IPS high alerts with Cisco sites as the attacker?

MARK BAKER
Level 4
Level 4

‎08-31-2006 06:24 AM - edited ‎03-10-2019 03:11 AM

Has anyone else recently been getting Alerts on the below signatures while accessing Cisco sites?

Windows Shell External Handler

Apache mod_proxy Buffer Overflow

3340:0

3883:0

The above two alerts listed ftp-sj.cisco.com as the attacker and my CS-Manager as the victim. I assume this is during IPS signature file downloads.

While searching the Cisco forums about the above issue, I received an alert on sig 3440 with tools.cisco.com as the attacker and my personal PC as the victim.

Thanks for any info.

Labels:
0 Helpful
2 Replies 2

MARK BAKER
Level 4
Level 4

‎08-31-2006 06:53 AM

It appears the alert that fired on 3440 with tools.cisco.com as the attacker occured while I was looking up the 3440 signature on MySDN. I believe the signature description contains the trigger for this alert "=shell".

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card