When I start the IPS service, I get 30 e-mails/second saying that the Astaro box is trying to 'attack' my mail server! I also use the SMTP Proxy. After a few minutes the Astaro box hangs, probably from sending this amount of e-mails. The exact content of the e-mail is:
A packet was detected by the Intrusion Detection system which may be
an attack. The matching rule classified this as highest priority
level. The packet properties and the alert reason are:
[1:1807:0] A WEB-MISC Chunked-Encoding transfer attempt [Classification: Web Application Attack] [Priority: 1]: {PROTO006} xxx.xxx.xxx.10:38844 -> xxx.xxx.xxx.xxx:25
Where xxx.xxx.xxx.10 is the Astaro box and xxx.xxx.xxx.3 is my mail server. When I disable the 'web-attack' definition in IPS the problem is solved. In IPS I also added the local network to protect. When scanning with grc.com and scangate.sygate.com I DON'T receive an e-mail warning. Is this a bug or a misconfiguration? Please help me [:$]
In the console the following messages appear:
CPU: ........
EIP: .........
EFLAGS: .......
Process swapper: ......
Stack: ...... (a lot of numbers)
Call trace: .... (a lot of numbers)
Code: BAD EIP Value
Kernel panic, Aiee, killing handler!
In interrupt handler not syncing
It seems that IPS/IDS is very buggy [:(]