This was originally released in S214 Enabled and Active. The default status was updated in S297 to a Disabled and Retired state as the threat and exposure levels for this particular vulnerability is now quite low.
If this is in an inline scenario the offending packets are dropped by default. To investigate it further I check to see what other alerts are triggering for the offending hosts. This will give you more information to ascertain what these hosts are ...
This is configurable through:Event Action Rules->Event Action Filtershttp://www.cisco.com/univercd/cc/td/doc/product/iaabu/csids/csids13/idmguide/dmevtrul.htm#wp1082564-jonathan
I need a bit more information to figure out the issue.Can you please send me your updated signature settings, and if possible an output or produce-verbose-alert. You can e-mail this output directly if you like.