09-29-2006 02:39 PM - edited 03-10-2019 03:15 AM
Seeing alot of activity with regard to this new vulnerability. The sensor is denying packets. The html is usually in the "Context" of the packet. Has anyone seen false positives for this signature?
<html xmlns:v="urn:schemas-microsoft-com:vm
09-29-2006 05:35 PM
Just to confirm is this subsig 5813-0? Or another subsignature.
Would you be able to provide the triggering packet through a produce verbose alert or even better a traffic sample?
09-30-2006 06:01 AM
Over 2200 alerts since the signature was intruduced.
These are ALL subsig 0.
We use Security Monitor to display our events.
Will Verbose alerts show in Secmon under ALERT DETAILS after enabled for this signature? (evIdsalert)
09-30-2006 01:04 PM
There is a bug in Ciscoworks VMS Security Monitor, Secmon will always display subsig 0. The bug does not show the proper subsig. To determine the correct subsig you will need to obtain the event from the sensor itself using "show events" command.
M
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide