Slow websites turn out to be IPS drops

Since moving from UTM, I noticed pages either loaded slowly or not at all. I just noticed drops in the IPS logs. I tried to allow the signature, but it seems I need to allow or disable all within the group and not individual ones. Any ideas on when it will be fixed? Thanks


This thread was automatically locked due to age.
  • Kunal,

    Can you share some IPS log lines and which websites (for example) are very slow or fail to load?

    Thanks

  • I am out at present so will need to share the logs tomorrow. Mainly the BBC sports main link fails (intermittent), and any BBC site which has a video on it fails to load. Thanks
  • See below some of the logs, which happen mainly when trying to watch video on BBC via the iPhone or going to the main BBC sports site.

     

    2016-12-07 22:00:01 | Signatures | Drop | - | 205.185.208.154 :TCP(80) | 192.168.0.236 :TCP(56304) | 1140311081 | Microsoft Windows DirectShow JPEG Double Free | Operating System and Services | Windows | Client | 8 | 07002
    2016-12-07 20:53:45 | Signatures | Detect | - | 173.194.3.110 :TCP(443) | 172.16.0.202 :TCP(60821) | 2601617 | SSL Request Export Ciphersuite Detection | Browsers | BSD,Linux,Mac,Solaris,Unix,Windows | Client,Server | 8 | 07001
    2016-12-07 20:49:20 | Signatures | Detect | - | 173.194.20.230 :TCP(443) | 172.16.0.202 :TCP(60677) | 2601617 | SSL Request Export Ciphersuite Detection | Browsers | BSD,Linux,Mac,Solaris,Unix,Windows | Client,Server | 8 | 07001
    2016-12-07 19:20:38 | Signatures | Detect | - | 209.85.230.25 :TCP(443) | 172.16.0.202 :TCP(60297) | 2601627 | SSL Request Export Ciphersuite Detection | Browsers | Windows | Client,Server | 8 | 07001
    2016-12-07 16:37:33 | Signatures | Drop | - | 23.67.146.178 :TCP(80) | 192.168.0.236 :TCP(55216) | 7000176 | Microsoft Internet Explorer and Edge CVE-2016-0157 Memory Corruption Vulnerability | Browsers | Windows | Client | 8 | 07002
    2016-12-07 16:30:31 | Signatures | Drop | - | 23.67.146.178 :TCP(80) | 192.168.0.236 :TCP(55084) | 7000176 | Microsoft Internet Explorer and Edge CVE-2016-0157 Memory Corruption Vulnerability | Browsers | Windows | Client | 8 | 07002
    2016-12-07 16:30:17 | Signatures | Drop | - | 23.67.146.178 :TCP(80) | 192:TCP(55060) | 7000176 | Microsoft Internet Explorer and Edge CVE-2016-0157 Memory Corruption Vulnerability | Browsers | Windows | Client | 8 | 07002
    2016-12-07 16:28:38 | Signatures | Drop | - | 23.67.146.178 :TCP(80) | 192.168.0.236 :TCP(55025) | 7000176 | Microsoft Internet Explorer and Edge CVE-2016-0157 Memory Corruption Vulnerability | Browsers | Windows | Client | 8 | 07002
