Intrusion Prevention Alert
An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future,
set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.
Details about the intrusion alert:
Message........: BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt
Details........: Snort ::
Time...........: 2013-10-31 09:18:59
Packet dropped.: no
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 17 (UDP)
Source IP address: 195.50.140.114 (dns5.arcor-ip.de)
Source port: 53 (domain)
Destination IP address: Domain Controller
Destination port: 56683
--
System Uptime : 1 day 1 hour 15 minutes
System Load : 0.52
System Version : Sophos UTM 9.106-17
Please refer to the manual for detailed instructions.
Is it normal to get this kind of thing from Snort all the time?
Regards