Keep getting this from newly installed UTM:
Intrusion Prevention Alert
An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.
Details about the intrusion alert:
Message........: (spp_ssh) Challenge-Response Overflow exploit
Details........: www.snort.org/search
Time...........: 2015-02-13 19:50:26
Packet dropped.: no
Priority.......: high
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 192.168.26.16
Source port: 61317
Destination IP address: 192.168.143.10
Destination port: 22 (ssh)
--
System Uptime : 10 days 0 hours 8 minutes
System Load : 0.38
System Version : Sophos UTM 9.307-6
Please refer to the manual for detailed instructions.
But the IPS policy is set to "Drop Silently" and attack patterns are like this:
The WHOLE page down...
Am I missing something?