IPS high alerts with Cisco sites as the attacker?

Has anyone else recently been getting Alerts on the below signatures while accessing Cisco sites?
Windows Shell External Handler
Apache mod_proxy Buffer Overflow
3340:0
3883:0
The above two alerts listed ftp-sj.cisco.com as the attacker and my CS-Manager as the victim. I assume this is during IPS signature file downloads.
While searching the Cisco forums about the above issue, I received an alert on sig 3440 with tools.cisco.com as the attacker and my personal PC as the victim.
Thanks for any info.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddbe05b

Similar Messages

  • IPS Tech Tips: IPS Best Practices with Cisco Remote Management Services

    Hi Folks -
    Another IPS Tech Tip coming up and this time we will be hearing from some past and current Cisco Remote Services members on their best practice suggestions. As always these are about 30 minutes of content and then Q&A - a low cost high reward event.
    Hope to see you there.
    -Robert
    Cisco invites you to attend a 30-45 minute Web seminar on IPS Best Practices delivered via WebEx. This event requires registration.
    Topic: Cisco IPS Tech Tips - IPS Best Practices with Cisco Remote Management Services
    Host: Robert Albach
    Date and Time:
    Wednesday, October 10, 2012 10:00 am, Central Daylight Time (Chicago, GMT-05:00)
    To register for the online event
    1. Go to https://cisco.webex.com/ciscosales/onstage/g.php?d=203590900&t=a&EA=ralbach%40cisco.com&ET=28f4bc362d7a05aac60acf105143e2bb&ETR=fdb3148ab8c8762602ea8ded5f2e6300&RT=MiM3&p
    2. Click "Register".
    3. On the registration form, enter your information and then click "Submit".
    Once the host approves your registration, you will receive a confirmation email message with instructions on how to join the event.
    For assistance
    http://www.webex.com
    IMPORTANT NOTICE: This WebEx service includes a feature that allows audio and any documents and other materials exchanged or viewed during the session to be recorded. By joining this session, you automatically consent to such recordings. If you do not consent to the recording, discuss your concerns with the meeting host prior to the start of the recording or do not join the session. Please note that any such recordings may be subject to discovery in the event of litigation. If you wish to be excluded from these invitations then please let me know!

    Hi Marvin, thanks for the quick reply.
    It appears that we don't have Anyconnect Essentials.
    Licensed features for this platform:
    Maximum Physical Interfaces       : Unlimited      perpetual
    Maximum VLANs                     : 100            perpetual
    Inside Hosts                      : Unlimited      perpetual
    Failover                          : Active/Active  perpetual
    VPN-DES                           : Enabled        perpetual
    VPN-3DES-AES                      : Enabled        perpetual
    Security Contexts                 : 2              perpetual
    GTP/GPRS                          : Disabled       perpetual
    AnyConnect Premium Peers          : 2              perpetual
    AnyConnect Essentials             : Disabled       perpetual
    Other VPN Peers                   : 250            perpetual
    Total VPN Peers                   : 250            perpetual
    Shared License                    : Disabled       perpetual
    AnyConnect for Mobile             : Disabled       perpetual
    AnyConnect for Cisco VPN Phone    : Disabled       perpetual
    Advanced Endpoint Assessment      : Disabled       perpetual
    UC Phone Proxy Sessions           : 2              perpetual
    Total UC Proxy Sessions           : 2              perpetual
    Botnet Traffic Filter             : Disabled       perpetual
    Intercompany Media Engine         : Disabled       perpetual
    This platform has an ASA 5510 Security Plus license.
    So then what does this mean for us VPN-wise? Is there any way we can set up multiple VPNs with this license?

  • My iPhone 4 is not recognized by iTunes when I connect to it, wants me to restore to factory settings. After I agree, an alert with error 9 stopped the sync. The phone won't start

    My iPhone 4 is not recognized by iTunes when I connect to it and tells me that the phone is in recovery mode, wants me to restore to factory settings. After I agree, an alert with error 9 stopped the sync. The phone won't start.

    Thanks for the response. There is no cloud icon next to them. All of the songs play on the phone still and no song was purchased through iTunes. I added them manually and tried to remove them manually. According to my iTunes they've been removed but they are still on my phone and working.

  • Is there a way to open a new window with one site when the home setting on Firefox has multiple websites?

    While working in Firefox is there a way to open a new window with one site when the home setting on Firefox has multiple websites?

    I guess I'm not explaining myself fully. I have a home page designation in Firefox preferences that starts Firefox up with 5 sites. That pretty much fills up my screen with tabs.
    At some point I want to initiate another WINDOW in firefox (NOT a tab). I would like to be able to open up a window that ONLY has ONE tab, or as if there were only one site designated as the home page. This gives me a workspace that has my most useful sites available in tabs in one window, and also another WINDOW that I can move around in and even create more tabs without messing up my primary set of TABS (in my primary window). I see how this might not be doable without doing what I do now, which is open up a new window, and then close tabs until the new window just has one tab for me to work from.

  • TelePresence Conductor with Cisco TMS Deployment - the missing part

    Hello,
    I am looking at the deployment guides for Telepresence Conductor XC3.0:
    Cisco TelePresence Conductor with Cisco Unified CM Deployment Guide (XC3.0)
    Cisco TelePresence Conductor with Cisco TMS Deployment Guide (XC3.0 with TMS 14.6)
    To setup the TMS, the Conductor and CUCM for scheduled meetings.
    The Doc #2, explains how to add the Telepresence Conductor to the TMS, create the scheduled conference alias and configure the conductor on the TMS
    The Doc #1, explains how to setup the CUCM and the Conductor for ad-hoc and meet-me conference.
    So it looks that there's a part missing. How do we setup the CUCM for the scheduled conferences managed by the Conductor?
    With the Doc#2, I can create my scheduled meetings and get a conference SIP address, but how do my endpoints registered on my CUCM route to them. I guess I have to create a SIP trunk on my CUCM but to where? the main conductor IP ? A new location with a new VIP pointing to the same template as the conference alias ?
    Another strange thing in the Doc #1, on page 87 of the documentation for Conductor XC3.0 it says:
    "Scheduled conferences
    Scheduled conferences are not supported in TelePresence Conductor version XC2.4. It will be supported for Personal Multiparty Advanced in a future version of TelePresence Conductor software."

    Hi Matthieu,
    I guess I have to create a SIP trunk on my CUCM but to where?
    You would use a rendezvous location and build a SIP trunk to that location from CUCM to Conductor.  
    Another strange thing in the Doc #1
    this is specific to the Personal Multiparty Advanced feature, looks like the version wasn't updated in the doc to XC3.0 for this line.
    -Jonathan

  • Problem with Cisco IPMA - between the manager profile and assistant profile

    Greetings to all.
    The problem basically is that when I make a call (internal or external) to the extension configured on the manager phone, the assistant phone doesn't ring or take the call; even the call in progress doesn't appear in the Cisco Unified Communications Manager Assistant Console of the assistant.
    Also, the IPMA icons on the manager phone don't appear.
    I have checked the following:
    1. The configurations on both profiles, and they look OK
    2. I have restarted the Cisco IPMA, CTI and Tomcat services
    3. I have reconfigured the profiles
    What else can I do?
    What is the most common cause in these cases?
    Thanks

    I have the same problem, did you resolve it ?
    Our customer has about 50 IPMAs and they work. The problem is only with 4 IPMA Assistants (always the same). Sometimes (a few times a week) the Managers lose the Assistant icon, and the Managers don't see shared lines and Intercom, and IPMA services on the phone don't work. But sometimes the Assistant icon is showing but the Manager doesn't see an active connection and can't call via Intercom.
    Assistance have 7962 Phone with load cmterm-7942_7962-sccp.9-2-3.cop.sgn
    Managers have 7965 Phone with load cmterm-7945_7965-sccp.9-2-3.cop.sgn
    CUCM (PUB/SUB) is 8.6.2.20000-2
    I opened a TAC case already but the problem is not resolved.

  • Will an iPad bought in America work in the UK, and if it does, will the 3G be compatible with mobile sites in the UK

    Will an iPad bought in America be OK to use in the UK?
    Also, will the 3G version work on UK 3G? Many thanks
    john

    Yes and yes.

  • Opening a new URL, a blank page appears with 2 messages on the top left and right corner of the window: "Advertise here" and "Skip this ad" and it will not go to the requested site until I push "Skip this ad"

    It would be nice to have the possibility to attach a print screen or something to give you a better idea what is happening and how it looks like.
    Anyway, what I described above is accurate:
    - the address bar shows the link where I wish to go
    - but the page loaded is blank with these 2 hyperlink messages ("Advertise here" in the top left corner, and "Skip this ad" in the top right corner).
    I would like to emphasize that it does not have to do with the requested URL: it does the same thing with all sites, all the time.

    For me it is the same; it's been 6 months already.
    The blank page appears for the first 20-30 of the day's navigation, then no more.
    For example: if I open Firefox at 9 a.m., it appears until 9.30 more or less. If I surf the web until midnight, at 00.01 a.m. this page starts bugging me.
    I just have to click on the link "skip this ad" to return to the desired web page.
    Using the Adblockplus and NoScript plug-ins sadly had no effect.
    I've read somewhere that the problem should be an f**** adware called "directCPV", and that the solution is to remove an .exe file called Directcpv.exe or something else, but on my PC I haven't found any of those linked to this adware.
    I tried a full system scan with an antivirus (McAfee), with Malwarebytes, Ad-Aware, ATF cleaner, Spybot, Exterminate-it but NO RESULTS.
    I tried to do this in safe mode too.
    No luck cleaning the cache, temp files, cookies etc.
    Finally I tried to uninstall Firefox (cleaning all registry entries too) and reinstall it, but the problem is still there.
    The only cure seems to be formatting the HD, but it's the very last chance.
    If someone has an idea, please post it here.

  • Ask the Expert: C-Series Integration with Cisco Unified Computing System Manager

    Welcome to the Cisco Support Community Ask the Expert conversation. This conversation is an opportunity to learn and ask questions about Cisco C-Series Integration with Cisco Unified Computing System® Manager (Cisco UCS® Manager) with Cisco experts Vishal Mehta and Manuel Velasco.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (Cisco IMC). When a C-Series rack-mount server is integrated with Cisco UCS Manager, the IMC no longer manages the server. Instead you will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager command-line interface (CLI).
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management. The following are the connectivity modes:
    Dual-wire management (shared LAN On Motherboard [LOM]): Shared LOM ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the Payment Card Industry Express (PCIe) card carries the data traffic.
    SingleConnect (Sideband): Using Network Controller Sideband Interface (NC-SI), the Cisco UCS Virtual Interface Card 1225 (VIC1225) connects one cable that can carry both data and management traffic.
    Direct Connect Mode: Cisco UCS Manager Version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    Vishal Mehta is a customer support engineer for Cisco’s Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco Nexus® 5000, Cisco UCS, Cisco Nexus 1000V, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching and service provider.
    Manuel Velasco is a customer support engineer for Cisco’s Data Center Server Virtualization TAC team based in San Jose, California.  He has been working in the TAC for the past 3 years with a primary focus on data center technologies such as Cisco UCS, Cisco Nexus 1000V, and virtualization.  Manuel holds a master’s degree in electrical engineering from California Polytechnic State University (Cal Poly) and CCNA® and VMware VCP certifications. Remember to use the rating system to let Vishal and Manuel know if you have received an adequate response. 
    Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation in the Data Center, under subcommunity, Unified Computing, shortly after the event. This event lasts through May 23, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Sebastian,
    The different modes of connecting C-Series with UCSM come into play depending on the type of infrastructure you already have along with C-Series and NIC model.
    Cisco UCS C-Series Rack-Mount Servers are managed by the built-in standalone software, Cisco Integrated Management Controller (CIMC) .
    Powerful features provided by Cisco UCS Manager can be leveraged to manage C-Series server by integrating  C-Series Rack-Mount Server with UCSM.
    This not only gives you rich-feature set but also one management plane to operate UCS-B Series Chassis and UCS-C Series Rack Server.
    You will manage the server using the Cisco UCS Manager GUI or Cisco UCS Manager CLI.
    Cisco UCS Manager 2.2 provides three connectivity modes for Cisco UCS C-Series Rack-Mount Server management.
    The following are the connectivity modes:
    •  Dual-wire Management (Shared LOM):
    Shared LAN on Motherboard (LOM) ports on the rack server are used exclusively for carrying management traffic. A separate cable connected to one of the ports on the PCIe card carries the data traffic. Using two separate cables for managing data traffic and management traffic is also referred to as dual-wire management.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0100.html
    This mode is recommended when you have a C-Server which does not have or cannot support the VIC 1225 card (such as the C-200 server)
    •  SingleConnect (Sideband):
    Using Network Controller Sideband Interface (NC-SI), Cisco UCS VIC1225 Virtual Interface Card (VIC) connects one cable that can carry both data traffic and management traffic.
    This feature is referred to as SingleConnect.
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_011.html
    This is the most recommended integration model when using FEX and VIC 1225 card
    •  Direct Connect Mode:
    Cisco UCS Manager release version 2.2 introduces an additional rack server management mode using direct connection to the Fabric Interconnect.
    This mode will eliminate the need for FEX module as Servers are directly plugged into the base ports of Fabric Interconnect
    http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/c-series_integration/ucsm2-2/b_C-Series-Integration_UCSM2-2/b_C-Series-Integration_UCSM2-2_chapter_0110.html
    Please let us know if you need more information. Thank you!
    Thanks,
    Vishal

  • High latency when only me on the internet!!!!!!!!!...

    Why is it that I'm still getting high latency with just me on the internet, not downloading and just playing a game? There are only 30 people in the cabinet out of 100, and I've just noticed the latency has only gotten really high since it's gotten windy. Also getting awful packet loss. The engineer also changed the connection at the pole. Look at this cable though, is it supposed to be this bad when it gets to the house wall ???????? http://gyazo.com/51d69c5c9b34a4230c945ed87733efd3
    speedtest result: http://gyazo.com/d7f9d2b852be797637c4547f33f924ee

    Look at these, a bit blurry but yeah, iPhone camera lol, had to zoom
    http://gyazo.com/6c8652db116846e0f0d8f0a0a0747c46
    http://gyazo.com/79447e2a61549d0547f44f7f7d6a7ac8
    http://gyazo.com/8ecbcb53fcea2cd323d2d8936ffdd89d

  • Problem with creating site from another computer!

    Hi
    I have WebDB 2.2 and Oracle8i installed on the same computer. I have a problem creating a site from another computer. There is not any process when I try to create the site. There is always 0%.
    But I have no problem with creating site on the origin computer.
    Does anybody know something about it?

    I am just not clear what to do once I have made changes and have published the new information.
    You shouldn't have to do anything. iWeb will save the information in the Domain.sites file. You can keep this file in a folder, or even on your desktop and iWeb will launch from a double-click on the file.

  • Email Alert with data from payload SAP PI 7.0

    Hi,
    I have a requirement to send an email alert when a Purchase Order Transmission fails through PI. In the email I need to send the PO number which had failed.
    Format is:
    Subject- PO # XXXXXXX failed to reach XXXTarget
    In the mail content I need to mention the error and why the error occurred.
    Please tell me if this is possible in SAP PI 7.0. If yes, then how?
    Regards,
    Ashwani

    Hi,
    If the message fails in mapping, you can send the alert with the PO number in the email. The steps would be the following:
    Catch the exception
    Call RFC SALERT_CREATE by passing the required parameters
    You can also pass the PO number as one of the values, which can be used in your alert category
    The PO number can be used as one of the alert containers
    But if the message fails in the adapter engine, you cannot send the PO number in the email. You can just send an email with the standard alert containers.

  • Working with remote site via FTP - getting html only

    I'm using DW to remotely work with the website via FTP. Is it possible to make it NOT download all the associated files with the html that I'm editing? I switched on the prompts in getting and putting stuff, but it still tries to download or upload additional stuff. I need it to deal only with html.
    Thanks for any clues.

    > It works good, it is just disturbing, that it is trying to upload everything
    > besides pages.
    Works good? Make one silly mistake and you are toast.
    Use a version control system instead. DW has a primitive one in Checkin/Checkout, but it may be all you need.
    I would NEVER do what you are doing in a multi-user environment....
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs, Tutorials & Resources
    ==================
    "simterra" <[email protected]> wrote in message news:fpki1l$2ci$[email protected]..
    > hmm, because several people work with my site on the same documents, it
    > generates a mess if they deal with editing local pages and uploading them to
    > the server. Working directly with pages from the server solve this problem -
    > they're always getting the last version (given that time they work with them is
    > largely different).
    >
    > It works good, it is just disturbing, that it is trying to upload everything
    > besides pages.
    >

  • Alerting with IPS Event Viewer

    Does anyone know if you can actually setup email/paging alerts with the IEV? The web site for cisco IPS says that it can, but I haven't been able to find anything in the application that shows it can email alerts out when an event is received.
    TIA!

    The current IEV 5.1 cannot do the email/paging. We got ahead of ourselves with the info on the web site. The 5.2 version will be able to do email/paging. It's in QA now and should be ready RSN. Yah, I know, nobody likes Real Soon Now.
    Scott

  • Azure multiple site-to-site VPNs (dynamic gateway) with Cisco ASA devices

    Hello
    I've been experimenting with moving certain on-premise servers to Azure however they would need a site-to-site VPN link to our many branch sites e.g. monitoring of nodes.
    The documentation says I need to configure a dynamic gateway to have multiple site-to-site VPNs. This is not a problem for our typical Cisco ISR's. However three of our key sites use Cisco ASA devices which are listed as 'Not Compatible' with dynamic routing.
    So I am stuck...
    What options are available to me? Is there any sort of tweak-configuration to make a Cisco ASA work with Azure and dynamic routing?
    I was hoping Azure's VPN solution would be very flexible.
    Thanks

    Hello RTF_Admin,
    1. Which is the Series of CISCO ASA device you are using?
    Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
    However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
    You can refer to this article for Cisco ASA templates for Static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
    If your requirement is only for Multi-Site VPN then there is no option but to upgrade the device, as Multi-Site VPN requires dynamic routing and unfortunately there is no tweak or workaround due to the hardware compatibility issue.
    I hope that this information is helpful
    Thanks,
    Syed Irfan Hussain
