Please forgive me if this is the wrong area to post, but I have now been charged with our firewall since another guy left and I am not a networking guy...
We are getting Active System Attack emails every half hour like this:
Sep 30 07:31:34 fw1 2014: 09:30-07:31:34 mail snort[10881]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SERVER-OTHER MRLG fastping echo reply memory corruption attempt" group="500" srcip="xxx.xxx.xxx.xxx" dstip="xxx.xxx.xxx.xxx" proto="1" srcport="0" dstport="0" sid="31767" class="Misc Attack" priority="2" generator="1" msgid="0"
Where the source IP is an internal IP and the destination IP is also an internal IP...
I have gone into Network Protection, Intrusion Prevention, Advanced and added a Modified rule to rule ID '31767' - disable notifications - Action Alert
Why am I still getting these emails?