Hi there, so I'm getting a lot of these coming from IPs on my network, seemingly outbound to other servers. I don't really know how to interpret this and if it's a false positive, what to do to mitigate it.
"OS-LINUX Linux Kernel Challenge ACK provocation attempt
Operating System and Services
BSD,Linux,Mac,Other,Solaris,Unix"
with signature 40063
IPS is blocking/dropping it.
I have default WAN to LAN IPS profile, with a rule blocking all incoming connections from WAN. A couple of other little rules in place while I test things, but nothing major to report. Originally I had strict lantowan default, and got some of these and assumed they were false positives. This is coming from mobiles it seems or from my wifi network at least, which doesn't have any AV on it atm, but did also come from a new desktop I set up a week ago when it first connected to the network.
What is this and does it even apply to me as an average home user?
Thanks