Sophos Firewall

Discussions IPS - Some signature are false positive

Sophos Firewall requires membership for participation - click to join

Thread Info

State Not Answered
+3 person also asked this people also asked this
Locked Locked
Replies 7 replies
Subscribers 30 subscribers
Views 23344 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS - Some signature are false positive

lferrara over 8 years ago

Hi There,

after some days, I would like to share some strange things with XG IPS module.

See the screenshot:

I have MAC at home so the first 2 signature cannot be applied.

First Signature CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7279

Second Signature:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0301

Both attacks come from MAC computer IP.

Any idea?

Thanks

This thread was automatically locked due to age.

Parents

0 Angkatan Hebat over 8 years ago

I had over 16K logged over Sunday [as shown above 9th Apr], and at least twice of that figure on typical workdays.

Happen ever since v16 upgrade.

Any suggestion where to poke .

XG210 Appliance

Current: Firmware SFOS 16.05.3 MR-3, and Patterns-IPS 3.13.41
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Angkatan Hebat over 8 years ago

I had over 16K logged over Sunday [as shown above 9th Apr], and at least twice of that figure on typical workdays.

Happen ever since v16 upgrade.

Any suggestion where to poke .

XG210 Appliance

Current: Firmware SFOS 16.05.3 MR-3, and Patterns-IPS 3.13.41
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data