Good morning/afternoon/evening,
So, an interesting thing occurred last night after installing Vuze on a computer here at home.
I started getting a bunch of emails from ASG about a portscan being detected, and the IP address of the offending host was the same as the machine I just installed Astaro on.
I shutdown the application for an hour, checked my email client, and the emails stopped. The emails started to occur again shortly after restarting Vuze.
I've searched snortid.com for the rule id: 60017, but haven't found anything, and I have port 37011 forwarded from outside the network to the offending host.
I also have Anti-Portscan configured to drop offending connections. I think Astaro is detecting the P2P traffic as a portscan, or maybe it is, does anyone have any suggestions? I'm open to using a different P2P client, or could this be Vuze being bad
2009:10:23-07:15:38 nepvpn02 ulogd[3126]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" seq="0" initf="eth0" outitf="eth1" dstmac="00:80:c6:e9:88:46" srcmac="***" srcip="***" dstip="77.49.166.17" proto="17" length="91" tos="0x00" prec="0x00" ttl="127" srcport="37011" dstport="21367"
This thread was automatically locked due to age.
