Astaro.org (Read-Only)

ASG V7.000 BETA (closed) Many Anomaly messages, particularly Mailserver.

Many Anomaly messages, particularly Mailserver.

StefanS_01 over 20 years ago

Hi all,

I have here many Anomaly messages because of our Mailserver.
Is the normal? Can I affect these somewhere?

192.168.1.51 = Mailserver internal
192.168.1.50 = ASL

Details about the intrusion alert:

Message........: Closed dest port used: local dest, teardown flags: 1.0000
Time...........: 2005:05:22-07:00:02
Packet dropped.: no
IP protocol....: 6 (TCP)

Source IP address: 192.168.1.51
- http://www.dnsstuff.com/tools/ptr.ch?ip=192.168.1.51
- http://www.ripe.net/perl/whois?query=192.168.1.51
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=192.168.1.51
- http://cgi.apnic.net/apnic-bin/whois.pl?search=192.168.1.51
Source port: 25 (smtp)
Destination IP address: 192.168.1.50 (ASL)
- http://www.dnsstuff.com/tools/ptr.ch?ip=192.168.1.50
- http://www.ripe.net/perl/whois?query=192.168.1.50
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=192.168.1.50
- http://cgi.apnic.net/apnic-bin/whois.pl?search=192.168.1.50
Destination port: 56903

Stefan

Parents

0 Xeno over 20 years ago

A packet on a closed port was sent. Source port 25. So it seems to be a answer packet to a SMTP connection. There is no way to configure the anomaly based IPS. The anomaly based IPS is just to see, what's going on on the network which is not usual.

Xeno
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Xeno over 20 years ago

A packet on a closed port was sent. Source port 25. So it seems to be a answer packet to a SMTP connection. There is no way to configure the anomaly based IPS. The anomaly based IPS is just to see, what's going on on the network which is not usual.

Xeno
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data