Is there anything written that suggests what a person should monitor daily on the firewall? For example, on servers you check the event logs to be sure there are no problems. I do get the Firewall Email Notifications such as the one I've pasted below, but they always say the same thing, "An intrusion has been detected. The packet has not been dropped".
Also, if I suspected an intrusion had taken place, what would I check in Astaro to gather information?
I apologize if these are dumb questions but I just can't seem to find anything.
Thanks!
Intrusion Protection Alert
An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.
Details about the intrusion alert:
Message........: WEB-CLIENT Content-Disposition CLSID command attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2589
Time...........: 2009:07:29-09:44:42
Packet dropped.: no
Priority.......: 1 (high)
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
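Added example, not part of the original post and not Astaro's own tooling: a small Python parser for notification bodies in the format pasted above, which groups repeated alerts by Snort signature so that a daily review starts with the high-priority alerts that were not dropped. The function names are hypothetical, the field labels are taken from the alert above, and it assumes each field sits on its own line.

```python
import re
from collections import Counter

# Constructed sample: the alert body from the post, one field per line.
SAMPLE_ALERT = """\
Message........: WEB-CLIENT Content-Disposition CLSID command attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2589
Time...........: 2009:07:29-09:44:42
Packet dropped.: no
Priority.......: 1 (high)
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)
"""

# "Label....: value" -> label is letters/spaces, padded with dots before the colon.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\.*:\s*(.*)$")

def parse_alert(text):
    """Return the fields of one alert as a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields[m.group(1).strip().lower()] = m.group(2).strip()
    # Derived values: signature id from the Details URL, numeric priority, drop flag.
    sid = re.search(r"[?&]sid=(\d+)", fields.get("details", ""))
    fields["sid"] = int(sid.group(1)) if sid else None
    prio = re.match(r"\d+", fields.get("priority", ""))
    fields["priority_level"] = int(prio.group()) if prio else None
    fields["dropped"] = fields.get("packet dropped", "").lower() == "yes"
    return fields

def summarize(alerts):
    """Count alerts per signature; not-dropped and high-priority groups come first."""
    counts = Counter(
        (a["sid"], a.get("message"), a["priority_level"], a["dropped"]) for a in alerts
    )
    # Sort: dropped=False first, then priority 1 (high) upward, then most frequent.
    return sorted(counts.items(), key=lambda kv: (kv[0][3], kv[0][2] or 99, -kv[1]))

if __name__ == "__main__":
    for (sid, msg, prio, dropped), n in summarize([parse_alert(SAMPLE_ALERT)] * 2):
        print(f"{n}x sid={sid} priority={prio} dropped={dropped} {msg}")
```
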