This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Question regarding IPS

Hello,

I have been seeing some new behavior in my ASG220 logs. I am getting alerts showing that the firewall itself is the source address of the alert.

Details about the intrusion alert:

Message........: WEB-ATTACKS rm command attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=1365
Time...........: 2005:11:07-16:14:56
Packet dropped.: no
Priority.......: 1 (high)
Classification.: Web Application Attack
IP protocol....: 6 (TCP)

Source IP address: [Firewall public address] (hostname)
Source port: 54497
Destination IP address: [Various IP address'] (various hostnames)
Destination port: 80 (http)

Can anyone explain this or tell me how to get rid of it?

This thread was automatically locked due to age.

Parents

0 Hamilton over 19 years ago

Turns out I had not selected anything in the "Local Networks" section of the IPS - Settings. I added (at the suggestion of Astaro support) my internal networks to the "Local Networks" and the problem went away.

Hope this helps someone else,
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Hamilton over 19 years ago

Turns out I had not selected anything in the "Local Networks" section of the IPS - Settings. I added (at the suggestion of Astaro support) my internal networks to the "Local Networks" and the problem went away.

Hope this helps someone else,
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data