Has anyone seen the TCP SYN/FIN 3140 signature trigger on TCP traffic from port 37892 to port 0? I have seen this many different times including from traffic coming from a VPN client to a Cisco VPN Concentrator. Just today I saw it coming from a cl...
I keep getting this error on one of my devices and it also is having problems logging events. I am wondering if these two problems are related. I am not sure what the Cid/E invalid document is referring to. If someone could kindly advise then mayb...
Yes, subsig 0. I know SYN/FIN is not RFC compliant and it was used to circumvent poorly coded packet filtering firewalls back a few years ago. These packets however have been seen coming from different networks, but usually having a similar M.O.(...
You should be able to scp from a linux/unix box to get the files off the IDS. Would require scp'ing with the service account and knowing the directory where the files are stored. Not sure if that is a supported feature or not.
That's a very valid point, CSIDS. I would have to agree. I think now that the most likely problem is something is configured for shunning but it is missing something required for that action. I will have to check further into this when I am back a...
The sensor is accessed via CLI and HTTPS. We have a custom app that pulls events for monitoring purposes. I am more concerned about the XML parser error than the TLS error. I am not sure if the two are related.
That IS the exact error message I am getting. That was a direct cut and paste from show tech-support output. I also notice this if you do a show events alert low past 01:00:00.