This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ares p2p and AD

I seem to have Ares traffic coming from our DC, is this right? Or is the astaro picking up real AD traffic and seeing it as Ares traffic. Astaro is blocking with no ill effect. Thanks Subs.

This thread was automatically locked due to age.

Parents

0 BrucekConvergent over 17 years ago

Well, check the IM/P2P logs... is the source port (or destination port, as the case may be) 389 or 636? If so, then it's probably a false positive... I'd add the DC to the skiplist in the IM/P2P setup for Ares, and, if you have support, report the false positives to Astaro, so they can figure out why it's being triggered. There are similar false positives being detected as Winny for RDP traffic, and some DNS traffic is picked up as MSN, on our systems (we've set them to log only until Astaro figures out how to stop the false positives). It's a pretty tricky thing to accomplish...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BrucekConvergent over 17 years ago

Well, check the IM/P2P logs... is the source port (or destination port, as the case may be) 389 or 636? If so, then it's probably a false positive... I'd add the DC to the skiplist in the IM/P2P setup for Ares, and, if you have support, report the false positives to Astaro, so they can figure out why it's being triggered. There are similar false positives being detected as Winny for RDP traffic, and some DNS traffic is picked up as MSN, on our systems (we've set them to log only until Astaro figures out how to stop the false positives). It's a pretty tricky thing to accomplish...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data