Hi all,
I'm getting this random IDS alarm:
MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt
It's between my OpenFire server in the DMZ and our centralised DB server inside our network (port 3389).
There doesn't seem to be anywhere in Intrusion Protection -> Advanced -> Performance tuning to add a DMZ host of this type (ie. the OpenFire one). Or should I add the SQL server in there?
The IDS exceptions seem to be way too general. How can I say "between these two hosts turn off this SNORT IDS rule"?
TIA,
James
This thread was automatically locked due to age.
