Hi,
If I remember correctly the email used to have source and destination information, see below.
BTW, I'm getting tons of CRIT-852 IPS email notifications... haven't seen this many ever: 57 in less than 3 hours. I'll keep an eye on this issue and report it separately if I need to.
Paul
Details about the intrusion alert:
Message........: WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt
Details........: Snort ::
Time...........: 2011:05:31-14:34:55
Packet dropped.: yes
Priority.......: 1high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: $SRC_IP $SRC_HOST
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
$SRC_PORT
Destination IP address: $DST_IP $DST_HOST
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
$DST_PORT
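As an added example (not code from the post or from the Astaro/Sophos product), a small Python parser for the notification layout quoted above, with a check for the source/destination fields Paul says used to be present and for template variables the mail left unexpanded; the sample body is constructed from the post, with the $SRC_IP-style tokens kept as they appear there.

```python
import re

# Constructed sample: the notification body quoted in the post, trimmed to one
# lookup link per endpoint. The $... tokens are the unexpanded template variables.
SAMPLE_ALERT = """Details about the intrusion alert:
Message........: WEB-MISC Multiple vendor Antivirus magic byte detection evasion attempt
Details........: Snort ::
Time...........: 2011:05:31-14:34:55
Packet dropped.: yes
Priority.......: 1high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: $SRC_IP $SRC_HOST
- www.dnsstuff.com/.../ptr.ch
$SRC_PORT
Destination IP address: $DST_IP $DST_HOST
- www.dnsstuff.com/.../ptr.ch
$DST_PORT
"""

# "Key....: value" lines; the dots pad the key to a fixed width and carry no meaning.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.*: ?(.+)$")
# Placeholders the notifier is expected to substitute before sending.
TEMPLATE_VAR = re.compile(r"\$[A-Z_]+")


def parse_alert(text):
    """Return the alert's dotted fields as a dict.

    Lookup-link lines ("- www...."), bare port lines and the value-less
    header line are skipped rather than stored.
    """
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("- "):
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def endpoints_present(fields):
    """True when both source and destination address fields are in the mail."""
    return all(k in fields for k in ("Source IP address", "Destination IP address"))


def unexpanded_variables(text):
    """Template placeholders (e.g. $SRC_IP) that were sent out unfilled, sorted."""
    return sorted(set(TEMPLATE_VAR.findall(text)))
```

Running `parse_alert` over a mail that lacks the endpoint lines makes `endpoints_present` return False, which is the regression the post is describing.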