Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 1485 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Email alert flood when enabling IPS on 5.007

Michael_Molnar
Hello,

The content of the alert is bellow

[1:527:0] A BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]:  {PROTO001} 192.168.1.250 -> 192.168.1.250

I don't understand why the ASL thinks it is itself sending bad packets to itself. Even though the LAN is in the protected local network area, not that it seems to make any differenece with or without it in there.
I am receiving the same alert at a rate of 6 per minute. When notifications are enabled.


This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to THoehne
    The ASL incorrectly passes loopback traffic to the Intrusion Protection System. Therefore the "BAD TRAFFIC" alerts are very likely false positives. This has been fixed and it will be released in an Up2Date package.

    Regards,
    Stephan
  • 0 in reply to Stephan_Scholz
    I still have problem with it (BAD TRAFFIC) when I use http proxy with external address of my DMZ Web servers 

    and msg:

      [ QUOTE ]

    Content could not be loaded    
              
              
          Please check the spelling of your URL.
    Make sure that your proxy settings are in order.
    The following lines may provide some additional information to the cause of the failure.

    TcpSocket.cpp:119:connect:TCP Connect failed to www.somesite.pl:80 (212.160.xxx.xxx)


      

    [/ QUOTE ]
  • 0 in reply to Stephan_Scholz
    Stephan, I'm running 5.012 and am getting this error too.
    Was the fix in 5.012?

     Code:
    [1:527:0] A BAD-TRAFFIC same SRC/DST [Classification: Potentially Bad Traffic] [Priority: 2]:  {PROTO001} xx.xx.221.142 -> xx.xx.221.142


    Thanks,
    Barry
  • 0 in reply to BarryG
    Hi barrygould,

    the fix has not been released yet. It should be included in the next Up2Date.

    Regards,
    Stephan