Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
563
Views
0
Helpful
4
Replies

net flood tcp

darin.marais
Level 4
Level 4

‎09-11-2006 03:23 AM - edited ‎03-10-2019 03:12 AM

There seams to be a problem with the signature Net Flood TCP. The Cisco Intrusion Prevention sensor is installed in promiscuous mode and is at version 5.1(2) S247.0. The signature is enabled for rate 0 and to produce at alert.

signatures 6920 0

status

enabled true

rate: 0 <defaulted>

event-action: produce-alert <defaulted>

My problem is that we do not receive any alert. Is there a logical reason for this and if so what is it?

Labels:
0 Helpful
4 Replies 4

smahbub
Level 6
Level 6

‎09-15-2006 09:32 AM

This happens probably due to a corrupt image. Try reloading the IPS image from a backup

0 Helpful

darin.marais
Level 4
Level 4
In response to smahbub

‎09-15-2006 11:17 AM

i think it is a bug in 5.x. TAC are working on a solution right now....

0 Helpful

darin.marais
Level 4
Level 4
In response to darin.marais

‎09-15-2006 03:28 PM

Let me say this again. It?s not a bug with the sensor as the alert is received. The problem is that the vms server does not pull the alert from the sensor database.

0 Helpful

darin.marais
Level 4
Level 4
In response to darin.marais

‎09-26-2006 04:32 AM

for those having the same problem.

quote:

Patch for CSCsg09932 - SecMon does not display any alert for sig6920

rate if it helps

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card