08-16-2006 11:45 AM - edited 03-10-2019 03:10 AM
Is anyone else getting over run with these signatures firing for no apparent reason?
08-17-2006 06:33 AM
Yes, I also see quite a lot of these (3251) from virtualized web and VPN environments. Sometimes this sig can fire because of packet trickery involved with some of environment protocols. I'm interested to hear what others are doing, or if this Sig is ever actionable.
08-17-2006 11:06 AM
If you have not already done so, I would recommend upgrading your sensors to 5.1(3).
In 5.1(2) (this service pack is not available on CCO anymore), the following bugid is noted:
CSCsd00877 TCP Hijack signatures false positive.
In our environments, this has helped. Still get the occassional events, but not the large amount as before.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide