Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
4
Helpful
1
Replies

TCP Segment Overwrite

sagittarius
Level 1
Level 1

‎06-22-2007 10:19 AM - edited ‎03-10-2019 03:40 AM

I'm getting ~ 330,000 "TCP Segment Overwrite" alerts a day from the 6 IDS/IPS sensors. Destination of these packets are 0.0.0.0 or Internal IPs(10.x.x.x). The source IP is mostly Internal Subnet (10.x.x.x). Do I need to investigate these events/alerts?. What do we need to monitor for this event? Do we need to monitor traffic originating from external source?

Labels:
0 Helpful
1 Reply 1

attmidsteam
Level 1
Level 1

‎06-22-2007 11:38 AM

We turned the sig off since it didn't seem to provide any value.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card