Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
646
Views
0
Helpful
2
Replies

Sig 3250 -3251

swimmer116
Level 1
Level 1

‎08-16-2006 11:45 AM - edited ‎03-10-2019 03:10 AM

Is anyone else getting over run with these signatures firing for no apparent reason?

Labels:
0 Helpful
2 Replies 2

mcartoz33
Level 1
Level 1

‎08-17-2006 06:33 AM

Yes, I also see quite a lot of these (3251) from virtualized web and VPN environments. Sometimes this sig can fire because of packet trickery involved with some of environment protocols. I'm interested to hear what others are doing, or if this Sig is ever actionable.

0 Helpful

npham
Level 1
Level 1

‎08-17-2006 11:06 AM

If you have not already done so, I would recommend upgrading your sensors to 5.1(3).

In 5.1(2) (this service pack is not available on CCO anymore), the following bugid is noted:

CSCsd00877 TCP Hijack signatures false positive.

In our environments, this has helped. Still get the occassional events, but not the large amount as before.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card