Hi, One thing that I forgot to mention on my previous post is that the RS6.5 net sensor is located outside the firewall, and that the firewall PATs web accesses behind one single IP source address.
Thus, what the IDS sees is many accesses to CNN's websites, all coming from the same source address. Could the TCP_Overlap_Data event come from the fact that the sensor assumes that all connections actually come from the same source, and considers that the TCP sequence numbers aren't coherent ? (while actually, there are plenty of independant connections made to CNN simultaneously).. Thanks. Regards, Chris __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
