Preview Tool

Cisco Bug: CSCta12368 - 1330.12 and 1330.18 false positives with high volume traffic

Last Modified

Feb 22, 2014

Products (10)

  • Cisco IPS 4200 Series Sensors
  • Cisco IPS Sensor Software Version 7.0
  • Cisco IPS 4260 Sensor
  • Cisco IPS 4255 Sensor
  • Cisco Catalyst 6500 Series Intrusion Detection System (IDSM-2) Services Module
  • Cisco IPS 4270-20 Sensor
  • Cisco Intrusion Prevention System Network Module
  • Cisco IPS 4240 Sensor
  • Cisco ASA Advanced Inspection and Prevention (AIP) Security Services Module
  • Cisco Integrated Services Routers Intrusion Prevention System Module

Known Affected Releases

6.2(1) 7.0(1)E3 7.0(2)E3

Description (partial)


False positives were observed for signatures 1330.12 and 1330.18.

A high volume of traffic passing through the iPS may cause signatures
1330.18 and 1330.12 to fire erroneously.


A large amount of traffic must be flowing through the IPS. For example, a large FTP file
transfer may cause this condition.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.