I have performed a packet capture and identified the alerts as a false positive. How do I upload the capture?

You can upload your capture directly on Netpro. When you post an answer, you'll notice the "Add Attachments" link below the Post button.

We are seeing this as well. In our environment it's on a Unisys printer attached with an external HP Jetdirect server.

I have a log but cannot attach it here directly due to any information that is in it that may be confidential. I'd be happy to upload it directly via another avenue.

Sincerely,

Ron Russell

Cisco MUST do a better job of tuning their signatures. We implemented a Juniper IDP (inline and blocking) and I only rely on the Cisco IDSs for secondary / tertiary information b/c of this very reason. I spent about 1 full day chasing down the false positives on this one siganture. A hugh waste of my companies time and money and a another reminder that we made the right choice in implementing our Juniper IDP.

Contact me directly with any questions about our Juniper Intrusion Prevention and Detection appliance. It sits inline and filters our VPN, Internet and RAS segments coming into our network.

We are researching this signature for modification in a future update.