Hi!
Since 16 October 2008 this message has been spamming my Astaro log. When I check the live log packets at the same time as the log creates the event, it is the WSUS service on client servers reporting in their Windows Update status. Has something changed in the intrusion pattern file since the latest update that could have something to do with this? 192.168.201.14 is the WSUS server. All my client servers have reported the same event.
An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.
Details about the intrusion alert:
Message........: SQL generic sql update injection attempt
Details........: Snort - the de facto standard for intrusion detection/prevention
Time...........: 2008:10:22-09:17:14
Packet dropped.: no
Priority.......: 1 (high)
Classification.: Web Application Attack
IP protocol....: 6 (TCP)
Source IP address: 192.168.40.11
Source port: 3243 (timelot)
Destination IP address: 192.168.201.14
Destination port: 80 (http)
KR
Mattias