Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 2730 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange action with Firefox compared to I.E.7

FreudianSlip
Hi all,

I had to recover back to backup today due to my own fault, however in testing the recovered solution I came across this .....

In I.E.7, I could attach to sites such as tesco.com & expedia.co.uk after being authenticated by the astaro proxy as usual - good response.

However, when I configured firefox to use the proxy, sites such as those were just timing out, but worked if I unchecked the proxy within firefox.

It took me ages to find that the IPS (Barnyard) was reporting P2P traffic on port 8080 from my system, which was of course fantasy as I was simply browsing.  This same report did not happen if I used I.E.7.

Is there something I'm doing wrong here (which is highly likely and possible) or is there a problem with the IPS subsystem?

====================

2007:02:09-15:57:22 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:57:25 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:57:31 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:57:43 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:58:07 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:58:55 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"


This thread was automatically locked due to age.
Parents
  • 0
    You're not doing anything wrong... those P2P rules are LAME!  I've had to disable the WinMX and Edonkey rules to get some sites to work with IE7, and to get the end user portal to work with IE7... so it's not browser specific, necessarily.. it's a combination of the site you're visiting and the browser that is generating traffic that the IPS is seeing as "bad."  The rules are badly written, or should be rethunk... Just disable the affected items in the P2P Filtering menu for now.  I've reported this issue to Astaro Support, hopefully they'll get those rules straightened out.
  • 0 in reply to BrucekConvergent
    I'm seeing exactly the same thing.
    Firefox is going nuts - even on this site it's not recognizing a login and looping back to the login page when I put in my redentials and press Go.  Note: despite the loop, Astari.org appears to recognize the login because I can add this post. The IPS rules are showing loads of errors with WinMX and EDonkey.

    The rules create a bit of a mess.
  • 0 in reply to SalishSwede
    If it does, does that mean I should replace the NIC with one that uses a different driver? Current external NIC is an 8139.

    [FONT=monospace]2007:02:13-11:39:20 (none) barnyard[6050]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="http_inspect: BARE BYTE UNICODE ENCODING" group="0" srcip="58.167.34.41" dstip="207.46.106.22" proto="6" srcport="54614" dstport="80" sid="0" class="Unknown" priority="3" generator="119" msgid="1"

    Ian M
    [/FONT]
Reply
  • 0 in reply to SalishSwede
    If it does, does that mean I should replace the NIC with one that uses a different driver? Current external NIC is an 8139.

    [FONT=monospace]2007:02:13-11:39:20 (none) barnyard[6050]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="http_inspect: BARE BYTE UNICODE ENCODING" group="0" srcip="58.167.34.41" dstip="207.46.106.22" proto="6" srcport="54614" dstport="80" sid="0" class="Unknown" priority="3" generator="119" msgid="1"

    Ian M
    [/FONT]
Children