When I'm going to my own site (Bram Kortleven’s Weblog), I don't get the full visual contents. Half of the background layout is missing, and the browser keeps trying to load the page.
In the IPS logs I see stuff like this:
2009:06:22-21:20:37 voip-host snort[4104]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt" group="320" srcip="85.158.108.28" dstip="172.16.248.241" proto="6" srcport="80" dstport="37997" sid="10126" class="Misc Attack" priority="2" generator="3" msgid="0"
2009:06:22-21:20:37 voip-host snort[4104]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT QuickTime JPEG Huffman Table integer underflow attempt" group="320" srcip="85.158.108.28" dstip="172.16.248.241" proto="6" srcport="80" dstport="37998" sid="10126" class="Misc Attack" priority="2" generator="3" msgid="0"
2009:06:22-21:20:37 voip-host snort[4104]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="172.16.248.241" dstip="85.158.108.28" proto="6" srcport="37997" dstport="80" sid="0" class="" priority="3" generator="129" msgid="1"
I'm using Wordpress on my own server, and I use a default theme; nothing special.
Any ideas?
I seem to have a lot of problems with the IPS settings. (they are set default-wyse, no tweaking...) You will notice I had an IMAP issue in IPS too a couple of days/weeks ago, forcing me to disable the IMAP check to use my mailserver from outside...
Is the IPS undergoing some heavy reworking?
Guest User!
You are not Sophos Staff.
