Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 26 subscribers
  • Views 3788 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SERVER-WEBAPP DrayTek multiple products command injection attempt

minis

hy ,

i have an issu in my xg firwall SG330 (SFOS 17.5.10 MR-10.HF051220.1)

so my firewall didn't block this attack "SERVER-WEBAPP DrayTek multiple products command injection attempt" , as indicated in the picture below

how can resolve this problem;

best regard



This thread was automatically locked due to age.
Parents
  • 0

    Hi Ministère Artisanat,

    Could you please provide the full path of the report details shared as a screenshot to check? 

    Did you apply the IPS policy on firewall rules?

  • 0 in reply to Keyur

    hi Keyur,

    This is the full path of the report


     

    Also , in the log viewer we see that

    IPS
    xxxxxx
    messageid="07001" log_type="IDP" log_component="Signatures" log_subtype="Detect" ips_policy="" ips_policy_id="0" fw_rule_id="0" user="" sig_id="53589" message="SERVER-WEBAPP DrayTek multiple products command injection attempt" classification="Web Application Attack" rule_priority="2" src_ip="x.x.x.x" src_country="CRI" dst_ip="x.x.x.x" dst_country="R1" protocol="TCP" src_port="xxxx" dst_port="80" OS="Linux,Mac,Other,Unix,Windows" category="server-webapp" victim="Server"

    Best Regards

  • 0 in reply to minis

    Hi Ministère Artisanat,

    Thank you for sharing details, could you please let us know the IPS policy applied on the firewall rule from where the traffic is passing?

  • 0 in reply to minis

    Hi  

    In the reports which you have shared, when you click on the Signature details "SERVER-WEBAPP DrayTek multiple products command injection attempt", what further information you are getting, please share those details.

Reply Children