I have a xg115w and I did minimal configuration to it. Basically forwarding email ports to the email server (I don't even know if the spam filter/malware filter is working) and I set up VPN connection. Real basic stuff. I see in the logs that there were already some attacks. How do I know if Sophos is blocking them? Do I need to configure a firewall rule for it?
Below is the log for the intrusion attacks. It dosen't look like they were blocked but I don't know
| Report Profile | Intrusion Attacks |
|
Start Date
|
02-Jun-2016 |
|
End Date
|
02-Jun-2016 |
|
Appliance
|
XG115w |
|
Firmware Version
|
SFOS 15.01.0 MR-2 |
|
Firmware Build
|
418 |
|
Device Serial Number
|
|
|
Report
|
|
|
Criteria
|
|
Attack Categories
Web Services and ApplicationsApplication and SoftwareOperating System and Services03691215HitsCategory1181
|
Category
|
Hits
|
|
Web Services and Applications
|
11
|
|
Application and Software
|
8
|
|
Operating System and Services
|
1
|
Attacked Platforms
BSD,Linux,Mac,Other,Solaris,Un...Linux,Unix,WindowsBSD,Linux,Mac,Solaris,Unix,Win...Windows03691215HitsPlatform10631
|
Platform
|
Hits
|
|
BSD,Linux,Mac,Other,Solaris,Unix,Windows
|
10
|
|
Linux,Unix,Windows
|
6
|
|
BSD,Linux,Mac,Solaris,Unix,Windows
|
3
|
|
Windows
|
1
|
Attack Targets
Server0612182430HitsTarget20
|
Target
|
Hits
|
|
Server
|
20
|
Severity wise Attacks
ModerateMajorMinor03691215HitsSeverity1271
|
Severity
|
Hits
|
|
Moderate
|
12
|
|
Major
|
7
|
|
Minor
|
1
|
Intrusion Attacks
HTTPS/SSL Renegotiation DoSSquid HTTP Response Processing...OpenSSL DTLS SRTP Extension Pa...OpenSSL ssl_get_algorithm2 TLS...Microsoft ASP .NET Error Messa...03691215HitsAttack106211
|
Attack
|
Hits
|
|
HTTPS/SSL Renegotiation DoS
|
10
|
|
Squid HTTP Response Processing Denial of Service
|
6
|
|
OpenSSL DTLS SRTP Extension Parsing Denial of Service
|
2
|
|
OpenSSL ssl_get_algorithm2 TLS Denial of Service
|
1
|
|
Microsoft ASP .NET Error Message Information Disclosure Vulnerability
|
1
|
Attacks detected and allowed
HTTPS/SSL Renegotiation DoSOpenSSL DTLS SRTP Extension Pa...Microsoft ASP .NET Error Messa...03691215HitsAttack1021
|
Attack
|
Hits
|
|
HTTPS/SSL Renegotiation DoS
|
10
|
|
OpenSSL DTLS SRTP Extension Parsing Denial of Service
|
2
|
|
Microsoft ASP .NET Error Message Information Disclosure Vulnerability
|
1
|
Intrusion Source
52.84.21.217108.181.201.223108.181.200.11210.0.0.372.143.230.197012345HitsAttacker44211
|
Attacker
|
Hits
|
|
52.84.21.217
|
4
|
|
108.181.201.223
|
4
|
|
108.181.200.112
|
2
|
|
10.0.0.3
|
1
|
|
72.143.230.197
|
1
|
Intrusion Destination
10.0.0.310.0.0.105198.54.233.83131.253.61.100173.241.250.14303691215HitsVictim106111
|
Victim
|
Hits
|
|
10.0.0.3
|
10
|
|
10.0.0.105
|
6
|
|
198.54.233.83
|
1
|
|
131.253.61.100
|
1
|
|
173.241.250.143
|
1
|
Users
N/A0612182430HitsUser20
|
User
|
Hits
|
|
N/A
|
20
|
Applications used for Attacks
HTTPSHTTPTCP:45534TCP:62765TCP:5827303691215HitsApplication/Proto:Port131111
|
Application/Proto:Port
|
Hits
|
|
HTTPS
|
13
|
|
HTTP
|
1
|
|
TCP:45534
|
1
|
|
TCP:62765
|
1
|
|
TCP:58273
|
1
|
Source Countries
CanadaUnited StatesReserved03691215HitsSource Country1064
|
Source Country
|
Hits
|
|
Canada
|
10
|
|
United States
|
6
|
|
Reserved
|
4
|
Trend - Intrusion Attacks
03691215EventTime0 06/02 09:0006/02 11:0006/02 13:0006/02 15:0006/02 17:0006/02 19:0006/02 21:00
|
Time
|
Event Type
|
Event
|
|
2016-06-02 09:00:00
|
IPS Attack
|
2
|
|
2016-06-02 10:00:00
|
IPS Attack
|
0
|
|
2016-06-02 11:00:00
|
IPS Attack
|
0
|
|
2016-06-02 12:00:00
|
IPS Attack
|
0
|
|
2016-06-02 13:00:00
|
IPS Attack
|
0
|
|
2016-06-02 14:00:00
|
IPS Attack
|
0
|
|
2016-06-02 15:00:00
|
IPS Attack
|
2
|
|
2016-06-02 16:00:00
|
IPS Attack
|
6
|
|
2016-06-02 17:00:00
|
IPS Attack
|
0
|
|
2016-06-02 18:00:00
|
IPS Attack
|
0
|
|
2016-06-02 19:00:00
|
IPS Attack
|
0
|
|
2016-06-02 20:00:00
|
IPS Attack
|
0
|
|
2016-06-02 21:00:00
|
IPS Attack
|
13
|
This thread was automatically locked due to age.
