Astaro 220 set up in transparent mode. Used as an intermediary in-line device between our perimeter firewall and our LAN. The LAN (eth0) and WAN (eth1) interfaces are bridged.
Been getting a ton of alerts for
[FONT=Consolas][SIZE=3]Details about the intrusion alert:[/SIZE][/FONT]
[FONT=Consolas][SIZE=3] [/SIZE][/FONT]
[FONT=Consolas][SIZE=3]Message........: NETBIOS SMB-DS IPC$ unicode share access[/SIZE][/FONT]
[FONT=Consolas][SIZE=3]Details........: [/SIZE][/FONT][FONT=Consolas][SIZE=3]http://www.snort.org/pub-bin/sigs.cgi?sid=2466[/SIZE][/FONT]
[FONT=Consolas][SIZE=3]Time...........: 2007:07:05-14:02:06[/SIZE][/FONT]
[FONT=Consolas][SIZE=3]Packet dropped.: no[/SIZE][/FONT]
[FONT=Consolas][SIZE=3]Priority.......: 3 (low)[/SIZE][/FONT]
[FONT=Consolas][SIZE=3]Classification.: Generic Protocol Command Decode IP protocol....: 6 (TCP)[/SIZE][/FONT]
The source are remote VPN users, who are between the perimeter firewall and the WAN interface of the Astaro, so I'm certain that it's safe to ignore this one. Here's the problem, I go to Network Security>Intrusion Protection>Advanced click to add a modified rule, type in 2466 for the ID. At first I just disabled notifications, but still kept getting them. Now I have selected disable this rule and I'm still getting notifications.
This thread was automatically locked due to age.
