- Community Home
- >
- Networking
- >
- Legacy
- >
- TippingPoint
- >
- Re: Event 7120 issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-15-2012 01:34 PM
11-15-2012 01:34 PM
Event 7120 issues
I am recently taking over an existing Tippingpoint installation that has been extreamly poortly managed. Trying to reconfigure and organize the deployment. It is pretty small (about 5 110s and 3 10s with the SMS.)
I am seeing an excessive amount of event 7120 "TCP: Segment overlap With Different Data, e.g. Fragroute". Almost exclusively on HTTP port 80 traffic. Going to the IPs listed shows normal, everyday websites (google, amazon etc). the event is currently set to "Block and Notify"
Is this a valid event to Block, is this identifying an issue on our network, could this just be something in our network configuration that changes a packet header? The event currently is useless, and I would like to turn it off if justified so I can focus on other events.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-16-2012 06:53 AM
11-16-2012 06:53 AM
Re: Event 7120 issues
Tracking this down a little more - it seems to be related to Google Chrome. Only our Chrome users are creating these events, other browsers don't. Anyone? Should this event be removed, is it creating user problems?
- Tags:
- chrome
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-26-2012 11:06 AM
11-26-2012 11:06 AM
Re: Event 7120 issues
What TOS version are the IPS running? New versions of the software made improvements that made this filter more accurate and fire less due to the improvements.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2013 05:24 AM
07-09-2013 05:24 AM
Re: Event 7120 issues
Although 7120 seems to be better than it was in the past, this filter is triggered by valid traffic frequently in almost every deployement we run into. What are we missing with this filter disabled? The followup question to that would be why it's still enabled by default?
It's really not that big of deal for our clients as we just disable it. But I can see how it could be cnfusing for new customers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-15-2013 11:46 PM
07-15-2013 11:46 PM