This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Alerts

Hi All,

I am getting the following from my firewall:

Message........: MS-SQL probe response overflow attempt
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2329
Time...........: 2006:09:07-11:31:34
Packet dropped.: no
Priority.......: 1 (high)
Classification.: Attempted User Privilege Gain
IP protocol....: 17 (UDP)

This is a false positive and is being generated by a user connected over an IPSec VPN connection. Is there a way that I can have the IPS omit this reporting for a specific IP Address?

Thanks in advance,

Ken W.

This thread was automatically locked due to age.

Parents

0 Billybob over 19 years ago

This is a false positive and is being generated by a user connected over an IPSec VPN connection.

Did you make sure that the user doesn't have any viruses on his machine? Is he working on SQL server or making sql queries while connected? If not, your only choice is disabling the rule since there is no tweaking of the IPS rules for particular IP addresses. You can also try tinkering with IPS Network Exclusions under Intrusion Protection --> Advanced but I haven't had too much luck with that.

HTH[:D]
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Billybob over 19 years ago

This is a false positive and is being generated by a user connected over an IPSec VPN connection.

Did you make sure that the user doesn't have any viruses on his machine? Is he working on SQL server or making sql queries while connected? If not, your only choice is disabling the rule since there is no tweaking of the IPS rules for particular IP addresses. You can also try tinkering with IPS Network Exclusions under Intrusion Protection --> Advanced but I haven't had too much luck with that.

HTH[:D]
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data