Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 3 subscribers
  • Views 1236 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[7.403]Netbios issue

wingman
Hi All 

It take ages to copy a single file from my private zone to my DMZ zone and it usually times out. I've tried the following files
txt file successful
pdf file successful
backup image (*.bf) (times out after trying for a long time)

I've checked the logs and I can't find and errors/blocks etc. Could you please advice?


This thread was automatically locked due to age.
  • 0
    Update 

    I got the following under the IDS and I assume that's why I couldn't copy the files 


    Intrusion Protection Alert

    

    An intrusion has been detected. The packet has been dropped automatically.

    You can toggle this rule between "drop" and "alert only" in WebAdmin.

    

    Details about the intrusion alert:

    

    Message........: BACKDOOR exception 1.0 runtime detection - initial connection server-to-client

    Details........: www.snort.org/.../sigs.cgi

    Time...........: 2009:05:30-17:30:03

    Packet dropped.: yes

    Priority.......: 1 (high)

    Classification.: A Network Trojan was detected IP protocol....: 6 (TCP)

    

    Source IP address: 172.16.1.2

    www.dnsstuff.com/.../ptr.ch

    www.ripe.net/.../whois

    ws.arin.net/.../whois.pl

    cgi.apnic.net/.../whois.pl

    Source port: 445 (microsoft-ds)

    Destination IP address: 192.168.2.31

    www.dnsstuff.com/.../ptr.ch

    www.ripe.net/.../whois

    ws.arin.net/.../whois.pl

    cgi.apnic.net/.../whois.pl

    Destination port: 1375 (bytex)

            

    

    -- 

    System Uptime      : 0 days 21 hours 17 minutes

    System Load        : 1.11

    System Version     : Astaro Security Gateway Software 7.403

    

    Please refer to the manual for detailed instructions.
  • 0
    Why did you choose the title of your thread - what cluse do you have that this is a NETBIOS issue?  Did this problem exist before 7.403, or is this a new installation?  Have you tried changing the ethernet cable to the DMZ?  Have you tried turning off Intrusion Protection?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi Bob

    I was monitoring the traffic at that stage and I saw a lot of netbios traffic from my internal zone to DMZ. I've disabled the IPS and the copy time was reduced (1.12gb in 20 minutes)
    I had the same issue when using 7.402 version as well. CPU is 51% constantly while the copy is in progress.

    Is anyone able to verify whether antivirus engines work when you transfer internally?
  • 0 in reply to wingman
    Anti-Virus only works for transfers that use the HTTP proxy.  If you have a box that should upload a lot of things to the DMZ, then put the box into an IPS Exception.  Nothing in the DMZ should be in an Exception.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    it took about 10 hours to copy the 24 gig and during that time Astaro 's cpu where working at 60%
  • 0 in reply to wingman
    The Intrusion Protection System was busy!
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Yes that's what I thought. At the moment I have both DMZ and private zone allowed within IPS. I will try some alternation on the current settings and re-do the copy.I am sure that it's the IPS that makes the copy so slow