Astaro 6.105
If the Intrusion Protection rule "MULTIMEDIA realplayer .ra download attempt - ID 9998" is enabled and its action is set to drop, then when loading a file with the extension ".rar" the following messages appear in the ips.log file:
2006:03:09-15:13:21 (none) snort [23219]: [1:9998:0] A MULTIMEDIA realplayer .ra download attempt [Classification: Misc activity] [Priority: 3]: {PROTO006} 192.168.xxx.xxx:1485-> xxx.xxx.xxx.xxx:80
2006:03:09-15:13:25 (none) snort [23219]: [1:9998:0] A MULTIMEDIA realplayer .ra download attempt [Classification: Misc activity] [Priority: 3]: {PROTO006} 192.168.xxx.xxx:1486-> xxx.xxx.xxx.xxx:80
2006:03:09-15:13:26 (none) snort [23219]: [1:9998:0] A MULTIMEDIA realplayer .ra download attempt [Classification: Misc activity] [Priority: 3]: {PROTO006} 192.168.xxx.xxx:1487-> xxx.xxx.xxx.xxx:80
2006:03:09-15:13:27 (none) snort [23219]: [1:9998:0] A MULTIMEDIA realplayer .ra download attempt [Classification: Misc activity] [Priority: 3]: {PROTO006} 192.168.xxx.xxx:1488-> xxx.xxx.xxx.xxx:80
2006:03:09-15:13:31 (none) snort [23219]: [1:9998:0] A MULTIMEDIA realplayer .ra download attempt [Classification: Misc activity] [Priority: 3]: {PROTO006} 192.168.xxx.xxx:1489-> xxx.xxx.xxx.xxx:80
And the file is not loaded.