[8.281][BUG][FIXED] L2TP over IPsec seen as UDP flood

The log is full of these beginning with the installation of 8.270. It's not now even though I'm connected.

2011:11:19-13:36:46 post ulogd[5037]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="0:14:f1:e5:A:B" dstmac="0:8:2:a4:X:Y" srcip="{Home IP}" dstip="{Astaro IP}" proto="17" length="80" tos="0x00" prec="0x00" ttl="123" srcport="1701" dstport="1701"

Cheers - Bob

Parents

0 BAlfson over 13 years ago

Marco, do you see any UDP Flood entries in your Intrusion Prevention System logs over the last few days? I leave my laptop connected at home even when I'm at the office. That lets me RDP to it and print stuff on my home printer. I notice the lines in the log at random times every day. Usually just a minute or two. It isn't anything that causes noticible disruption.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 BAlfson over 13 years ago

Marco, do you see any UDP Flood entries in your Intrusion Prevention System logs over the last few days? I leave my laptop connected at home even when I'm at the office. That lets me RDP to it and print stuff on my home printer. I notice the lines in the log at random times every day. Usually just a minute or two. It isn't anything that causes noticible disruption.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data