Guest User!
You are not Sophos Staff.
Hi There,
after some days, I would like to share some strange things with XG IPS module.
See the screenshot:
I have MAC at home so the first 2 signature cannot be applied.
First Signature CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7279
Second Signature:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0301
Both attacks come from MAC computer IP.
Any idea?
Thanks
I was about to start a thread on the same subject.
I like Luk run MACs at home most of the time, occasionally a W10 on VM or physical machine, but not everyday. Also trying to understand how my MAC is the source of the attacks in other reports, not necessarily the DNS issue.
My IPS issues are with the DNS. I receive everyday the same IPS attack warning in the daily reports.
Currently I have access to two ISPs and swap the connections between the UTM and the XG. The UTM does not report the DNS issue, so either the XG IPS is wrong or the XG DNS is configured incorrectly.
Extract from the XG during today.
Just to be a further pain, the dashboard and the display figures are totally different. Dashboard about 300, display about 900.
I was about to start a thread on the same subject.
I like Luk run MACs at home most of the time, occasionally a W10 on VM or physical machine, but not everyday. Also trying to understand how my MAC is the source of the attacks in other reports, not necessarily the DNS issue.
My IPS issues are with the DNS. I receive everyday the same IPS attack warning in the daily reports.
Currently I have access to two ISPs and swap the connections between the UTM and the XG. The UTM does not report the DNS issue, so either the XG IPS is wrong or the XG DNS is configured incorrectly.
Extract from the XG during today.
Just to be a further pain, the dashboard and the display figures are totally different. Dashboard about 300, display about 900.
