I have a similar situation with a different website. It is a site that several users visit to update a company web page. Every time the site is visited I get TCP_Overlap_Data events like crazy. I have looked at this from every possible angle and am still at a loss as to why it happens.
-----Original Message----- From: Chris Caydes [mailto:[EMAIL PROTECTED] Sent: Thursday, February 20, 2003 11:28 AM To: [EMAIL PROTECTED] Subject: [ISSForum] TCP_Overlap_Data .... CNN.com Hello everyone, My RealSecure 6.5 network sensor sends many TCP_Overlap_Data events (around a hundred per minute during business hours), apparently caused by HTTP accesses made to the CNN.com website. The alert is generated on CNN.com's reply packets, like on the example below. The source address 64.236.24.137 resolves to i3.cnn.net. Has anyone else experienced similar phenomenon ? The CNN.com website is very popular in my company, plus it contains pages that refresh automatically. 'TCP_Overlap_Data' event detected by the RealSecure 'network_sensor_1' at 'xxx.xxx.xxx.xxx'. Details: Source Address: 64.236.24.137 Source Port: HTTP (80) Source MAC Address: 00:30:85:D3:D0:C2 Destination Address: xxx.xxx.xxx.xxx Destination Port: 27881 Destination MAC Address: xx:xx:xx:xx:xx:xx Time: 2003-02-20 16:07:54 UTC Protocol: TCP (6) Priority: high Actions: DISPLAY=Default:0,EMAIL=Default:0,VIEWSESSION=Default:0 Event Specific Information: Regards, Chris __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
