11-18-2003 07:53 AM - edited 03-09-2019 05:34 AM
I upgraded to 4.1-3-S61 and am now getting several rf poison signatures throught the internal network. Does anybody know what process might trigger this alert and how to filter it other than disabling the sig?
11-18-2003 03:16 PM
We have had several cases of 3323 firing since S61. We made some changes to the SMB engine in order to cover the lastest Microsoft vulnerabilities. It appears that in doing so, the 3323 logic loosened up and is now false positive firing. We recommend disabling the signature and will work on having it fixed in the next signature update.
Scott C
03-24-2004 06:00 AM
I have been getting large amounts of events at the mgt station for the signature SMB:RFPoison Attack ID: 3323. Can you tell me if the problem that was addressed in this thread has been resolved? i am a 4.1-3s81 on the sensors
03-24-2004 08:21 AM
There is a fix in the upcoming 4.1.4 release
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide