Hello everyone,
My RealSecure 6.5 network sensor sends many
TCP_Overlap_Data events (around a hundred per minute
during business hours), apparently caused by HTTP
accesses made to the CNN.com website.
The alert is generated on CNN.com's reply packets,
like on the example below. The source address
64.236.24.137 resolves to i3.cnn.net.
Has anyone else experienced similar phenomenon ? The
CNN.com website is very popular in my company, plus it
contains pages that refresh automatically.
'TCP_Overlap_Data' event detected by the RealSecure
'network_sensor_1' at 'xxx.xxx.xxx.xxx'.
Details:
Source Address: 64.236.24.137
Source Port: HTTP (80)
Source MAC Address: 00:30:85:D3:D0:C2
Destination Address: xxx.xxx.xxx.xxx
Destination Port: 27881
Destination MAC Address: xx:xx:xx:xx:xx:xx
Time: 2003-02-20 16:07:54 UTC
Protocol: TCP (6)
Priority: high
Actions:
DISPLAY=Default:0,EMAIL=Default:0,VIEWSESSION=Default:0
Event Specific Information:
Regards,
Chris
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
