This discussion has been locked.

Attack log

Hi,
We use an Astaro ASG525 and configured IPS for it according to the Sophos manual.
But we feel intrusion prevention does not drop packets.
Please pay attention to this log:
---------------------------------------------------------------------------------------------------------
id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC SSL CBC encryption mode weakness brute force attempt" group="500" srcip="x.x.x.x" dstip="y.y.y.y" proto="6" srcport="---" dstport="--" sid="20212" class="Attempted Information Leak" priority="2"  generator="1" msgid="0"
------------------------------------------------------------------
The action is (alert) but we configured (drop).
Please help us.
Thanks.



  • Hi Ali,

    As per the DM conversation between us, your UTM resides on an older firmware build, v8. The only possibility of the false action can be associated with the firmware. I request you to upgrade to the latest firmware and let us know if that resolves the issue.

    Thanks
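
One way to check across a whole IPS log which rules are still logged with an action other than the configured one. This is an added example, not part of the original thread and not Sophos code. The field names come from the log line in the question; the function names are hypothetical and the sample records, addresses and ports are constructed.

```python
import re
from collections import Counter

# Matches key="value" pairs as they appear in the log line quoted in the question.
PAIR_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_ips_line(record):
    """Return the key="value" fields of one log record as a dict."""
    # Pasted logs are often hard-wrapped inside quoted values, so collapse
    # every whitespace run (including newlines) to a single space first.
    return dict(PAIR_RE.findall(" ".join(record.split())))

def action_mismatches(records, expected="drop"):
    """Count IPS records per (sid, reason) whose logged action is not `expected`."""
    mismatches = Counter()
    for record in records:
        fields = parse_ips_line(record)
        if fields.get("sub") != "ips" or "action" not in fields:
            continue  # not an IPS record, ignore it
        if fields["action"] != expected:
            key = (fields.get("sid", "?"), fields.get("reason", "?"))
            mismatches[key] += 1
    return mismatches

# Constructed sample records. The first mirrors the record in the question
# (wrapped the same way), with placeholder addresses and ports filled in.
SAMPLE = [
    'id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion\n'
    'protection alert" action="alert" reason="MISC SSL CBC encryption mode\n'
    'weakness brute force attempt" group="500" srcip="192.0.2.10"\n'
    'dstip="192.0.2.20" proto="6" srcport="40000" dstport="443" sid="20212"\n'
    'class="Attempted Information Leak" priority="2"  generator="1"\n'
    'msgid="0"',
    # Constructed: the same rule logged with the configured action.
    'id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion '
    'protection alert" action="drop" reason="MISC SSL CBC encryption mode '
    'weakness brute force attempt" group="500" srcip="192.0.2.11" '
    'dstip="192.0.2.20" proto="6" srcport="40001" dstport="443" sid="20212"',
    # Constructed: a record from another subsystem, which must be skipped.
    'id="0000" sys="SecureNet" sub="example" action="alert"',
]

if __name__ == "__main__":
    for (sid, reason), count in action_mismatches(SAMPLE).items():
        print(f"sid {sid}: {count} record(s) not dropped ({reason})")
```

Running it before and after the firmware upgrade shows whether the rules that alerted instead of dropping now log the configured action.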
