[9.091] IPS going crazy

While my UTM was rebooting after the update I let ran a "ping -t" on it to see when it went up again, like everytime in the past [;)]

After this reboot the UTM flooded my mailbos with an extreme amount of IPS mail warning notifications.

I have attached the corresponding logfile.

ipslog.zip

Parents

0 William Warren over 12 years ago

did you reboot the box after the update? I always reboot after any update.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 William Warren over 12 years ago

did you reboot the box after the update? I always reboot after any update.

Owner: Emmanuel Technology Consulting

http://etc-md.com

Former Sophos SG(Astaro) advocate/researcher/Silver Partner

PfSense w/Suricata, ntopng,

Other addons to follow
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 lmatt over 12 years ago in reply to William Warren
Hi Monarch,

this behavior is normal if you ping the box and enable 'extra warnings'.

It just want to tell you:
PROTOCOL-ICMP Destination Unreachable Network Unreachable

2013:04:12-19:55:01 astaro1 snort[4304]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="PROTOCOL-ICMP Destination Unreachable Network Unreachable" group="410" srcip="192.168.0.99" dstip="192.168.0.15" proto="1" srcport="0" dstport="0" sid="401" class="Misc activity" priority="3" generator="1" msgid="0"

'extra warnings' are very sensible and will report everything what could possibly be dangerous.

Regards,
Lukas
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

[9.091] IPS going crazy

Submitted a Tech Support Case lately from the Support Portal?