
[9.000][BUG] IPS blocks feature.astaro.com

IPS SID 11257 ("WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt") is breaking searches and logins on feature.astaro.com.

Barry
  • loginuser@fw:/var/log > date
    Mon Jul 23 15:53:36 PDT 2012
    loginuser@fw:/var/log > rpm -qa | egrep 'u2d-ipsbundle'
    u2d-ipsbundle-9-50

    I just got the alert (I changed the rule to alert, not drop) again when I went to feature.astaro.com and logged in.
    It doesn't happen again if I log out and log in again; maybe it's cookie-dependent.

    Anyway, there are several people in these forums having trouble with this Snort rule; see
    https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/40675
    for more examples.


    2012:07:23-15:49:09 fw snort[18365]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt" group="320" srcip="23.14.17.107" dstip="192.168.11.13" proto="6" srcport="80" dstport="65178" sid="11257" class="Attempted User Privilege Gain" priority="1"  generator="1" msgid="0"