I am seeing thousands of IPS blocked attacks (rule 460 and 461) generated by 2001:470:b:*::1, which is the address of utm. The destinations are my computers also using ipv6. These blocked attacks constitute 98% of the blocked attacks. This was reported in the network protection group in this thread. Is this a bug in the rules or is utm generating bad ICMP packets? (The rules are both broken together, at least there are equal numbers of both attacks.)
I moved to Hurricane Electric and I haven't seen this problem again.
Mark
I'm on hurricane. BTW, just to be clear, the blocked attacks are identified as being from the ipv6 address assigned to utm, not the external address of the client side of the tunnel. That implies to me they are being generated inside my network, not outside. However, that's only my assumption based on the address.
Also, just wondering, what does your external ipv6 address show up as? Since I installed 9.080, utm seems to be doing some sort of NAT from the client side ipv6 tunnel address, which the people over at the tunnelbroker forum consider a bug, not a feature.
Interestingly, I have not received any of these since the major power failure last week. The power was off long enough to flatten all the UPS around the place.
