Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 2730 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Strange action with Firefox compared to I.E.7

FreudianSlip
Hi all,

I had to recover back to backup today due to my own fault, however in testing the recovered solution I came across this .....

In I.E.7, I could attach to sites such as tesco.com & expedia.co.uk after being authenticated by the astaro proxy as usual - good response.

However, when I configured firefox to use the proxy, sites such as those were just timing out, but worked if I unchecked the proxy within firefox.

It took me ages to find that the IPS (Barnyard) was reporting P2P traffic on port 8080 from my system, which was of course fantasy as I was simply browsing.  This same report did not happen if I used I.E.7.

Is there something I'm doing wrong here (which is highly likely and possible) or is there a problem with the IPS subsystem?

====================

2007:02:09-15:57:22 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:57:25 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:57:31 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:57:43 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:58:07 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"
2007:02:09-15:58:55 (none) barnyard[19759]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="P2P WinMX traffic" group="709" srcip="192.168.1.130" dstip="192.168.1.100" proto="6" srcport="1488" dstport="8080" sid="90060" class="Potential Corporate Privacy Violation" priority="1" generator="1" msgid="0"


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    Same problem here with v7.002 - the P2P rules generate tremendeus amounts of false positives with Firefox 2.x and IE 7, haven't tried with older versions.

    Especially WinMX is totally broken, normal web browsing causes alerts and is blocked:
    reason="P2P WinMX traffic" group="709" srcip="10.0.100.170" dstip="213.140.187.104" proto="6" srcport="1562" dstport="80" 
    This is normal http browsing to a newspaper site, wtf? How on earth can that be diagnosed as WinMX traffic???

    Then our document management system (using tcp/2266) started creating hits for eDonkey and accounting system for Winny - finally I gave up and disabled P2P control and IPS completely, their implementation is too broken at the moment. Very disturbing. [:@] 

    -Tommy
  • 0 in reply to Tommy13
    Yep, very frustrating that they have not fixed these P2P false positives yet.. I reported this back when version 7.0 was released.. still not fixed, makes the P2P features pretty much worthless.  I'm getting frustrated too.
Reply Children
  • 0 in reply to BrucekConvergent
    Oh guys, you just made my day!
    I have been spending quite an amount of time on this problem.
    I noticed Firefox and sometimes IE being very bitchy about some websites AND I couldn't find a source for all the obviously false WINMY-IPS alarms.
    But I would NEVER have figured out, that the both are related...

    Thanks again,

    DiePlage