On multiple sites I see IDS alerts:
Feb 8 13:06:36 IDS Alert
ftg-hdn-mr009-f89e28da6552
Meraki Network OS
whatsapp-chatd-edge-shv-01-ams4.facebook.com
157.240.201.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 13:01:16 IDS Alert
ftg-hdn-mr009-f89e28da6552
Meraki Network OS
whatsapp-chatd-edge-shv-01-ams4.facebook.com
157.240.201.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 12:57:48 IDS Alert
ftg-hdn-mr002-f89e28da76f8
Meraki Network OS
ac9293e5fb5d2d1d2.awsglobalaccelerator.com
3.33.252.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 12:53:12 IDS Alert
ftg-hdn-mr002-f89e28da76f8
Meraki Network OS
whatsapp-chatd-edge-shv-01-ams4.facebook.com
157.240.201.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 12:49:01 IDS Alert
ftg-hdn-mr003-f89e28da6649
Meraki Network OS
whatsapp-chatd-edge-shv-01-ams4.facebook.com
157.240.201.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 12:45:06 IDS Alert
ftg-hdn-mr009-f89e28da6552
Meraki Network OS
whatsapp-chatd-edge-shv-02-fra3.facebook.com
157.240.0.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 12:11:41 IDS Alert
ftg-hdn-mr002-f89e28da76f8
Meraki Network OS
whatsapp-chatd-edge-shv-01-lax3.facebook.com
31.13.70.50:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Feb 8 12:11:16 IDS Alert
ftg-hdn-mr002-f89e28da76f8
Meraki Network OS
whatsapp-chatd-edge-shv-01-ams4.facebook.com
157.240.201.61:80
Blocked SERVER-APACHEBEA WebLogic Apache Oracle connector Transfer-Encoding buffer overflow attempt
Is it possible we are seeing a False Positive?
Greetings from Holland
Maybe, but you'd better investigate.
Of course, working on that.
Seeing it on all locations throughout our organization.
All kinds of devices: Windows, iOS, Android.
No actual events anymore.
No one is complaining.
Seems to be OK again.
I'm also seeing this in our organization across many networks. There were a few starting on 2/5 and then spiking the last 2 days.
Still seeing these events on 2/9. Strongly suspect false positive. Still, would like better analysis that I can perform quickly.
We've been getting this almost daily for the last week or so - should we be worried or is this a FP?
I couldn't find an issue. To me, it seems like a FP indeed.
After a little while of rest, the events returned again.
Multiple sites, multiple devices with multiple platforms/OS's.
Seeing it lots since early Feb too
We also have this issue, in our case since 2/5.