Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
6
Replies

Windows RPC Dcom overflow

bizsnatch
Level 1
Level 1

‎10-21-2003 10:59 AM - edited ‎03-09-2019 05:13 AM

Has anyone discovered any benign triggers for this signature yet? It's triggered a few times on my network and the machines are clean.

thanks,

biz

Labels:
0 Helpful
6 Replies 6

anthall
Level 1
Level 1

‎10-21-2003 11:45 AM

Which version are you running? Which signature is firing (subsig)?

0 Helpful

bizsnatch
Level 1
Level 1
In response to anthall

‎10-21-2003 08:55 PM

ID: 3327 Sub ID: 0

Sensor Info:

Cisco Systems Intrusion Detection Sensor, Version 4.1(1)S57

0 Helpful

lwierenga
Level 1
Level 1

‎10-21-2003 09:00 PM

Are these systems triggering the alarms servers, workstations or both? Load-balancing between servers may cause this alarm to fire. I have heard that SMS agent under certain circumstances will fire a false-positive. Need more information.

0 Helpful

bizsnatch
Level 1
Level 1
In response to lwierenga

‎10-22-2003 11:12 AM

They are triggering from workstation to server. Only 3 at this point.

0 Helpful

klwiley
Cisco Employee
Cisco Employee
In response to bizsnatch

‎10-22-2003 12:56 PM

Could you set the sensor up to capture the trigger packet? When you get one that you beleive is a false positive we can then help extract that alarm and we will be able to analyze what is causing it.

You can contact Tony Hall at anthall@cisco.com when you have a suspect.

0 Helpful

bizsnatch
Level 1
Level 1
In response to klwiley

‎10-22-2003 01:13 PM

Sure will... thanks.

0 Helpful
Customers Also Viewed These Support Documents