Hello
I use a SG135 Firewall whichs works good, except I receive permanent IDS Low Attack from one specific host (see below) but even i put a block rule oder set the IDS to reject the packets the alarm comes again and again
How can i block the host permanently?
Intrusion Prevention Alert An intrusion has been detected. The packet has *not* been dropped. If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin. Be careful not to block legitimate traffic caused by false alerts though. Details about the intrusion alert: Message........: PUA-OTHER Known unwanted User-Agent string - PetalBot Details........: https://www.snort.org/search?query=57634 Time...........: 2021-06-07 12:29:43 Packet dropped.: no Priority.......: low Classification.: Misc activity IP protocol....: 6 (TCP) Source IP address: 114.119.150.186 (petalbot-114-119-150-186.petalsearch.com) Source port: 31770 Destination IP address: 192.168.1.80 Destination port: 80 (http)
-- System Uptime : 14 days 0 hours 18 minutes System Load : 2.51 System Version : Sophos UTM 9.705-7 Please refer to the manual for detailed instructions.
This thread was automatically locked due to age.
