Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 2 subscribers
  • Views 968 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attacks Rules

drivecomadmin
i'm running asg320 v7.306 and i have to admit i'm new @ this.
looking @ the executive report i noticed there are two attack events listed below
1 2578 EXPLOIT kerberos principal name overflow UDP x 6
2 12465  EXPLOIT Apache APR memory corruption attempt x 1

Where can i find descriptions for the attack rules so as i can better understand what these attacks are all about and if anyone can tell me what can be done to prevent these attacks

thanks guys,


This thread was automatically locked due to age.
  • 0
    You don't need to prevent the attacks if they're coming from the internet, that's what the IPS is for!
    However, if they're coming from your computers, then you need to find out why.

    I'm not saying you shouldn't keep your servers patched though.


    The 2nd column (e.g. 2578 or 12465) is the Snort rule ID.

    You can find the Snort docs online, e.g.

    snort/doc/signatures/2578.txt - view - 1.2

    has the info on 2578.

    12465 seems to not be fully documented, but googling 
    Apache APR memory corruption
    or
    Apache APR memory corruption snort
    finds a lot of info.

    Barry
  • 0 in reply to BarryG
    Are you running Kerberos or Apache on your network?  If not, it might be interesting to track down, but certainly not worth much worry (unless, as Barry said, the attacks are coming from inside your network).