Weird security issue

Hi All,
In the last few days several "persons" have been trying to kick off a script and I get a SnortID error 2281.
The strange thing is that HTTP(S) traffic is only allowed from 1 IP address!!! This is set in Packet Filter (automatic PF rule is off). The IPs where these "attacks" come from are not my specified IP.

NAT is set as follows:
Any->HTTP->internal server
Any->HTTPS->internal server

PF:
1 IP->HTTP->internal server
1 IP->HTTPS->internal server

How can this happen? Is Snort running before the Packet Filter or behind it?
Can someone explain this to me?


This thread was automatically locked due to age.
  • What happens if you change your DNAT to '1 IP' instead of 'Any'?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA