Hello all,
We have an OpenFire XMPP chat server in our DMZ. It had been running fine for months. Upgraded to 7.501 yesterday (ASG425a cluster).
After the upgrade, queries from the OpenFire / LDAP to our AD server running on the trusted network were taking minutes to return.
The cause was inexplicable. You could SSH, you could do a command line LDAP bind and query, MySQL continued to work etc. etc. We packet traced with Wireshark and saw all sorts of connection resets.
Thankfully someone else has posted on the forums about 7.501 IDS oddities. A quick look in the IDS logs yielded:
WEB-MISC Microsoft Active Directory LDAP query DoS attempt
This is clearly incorrect so I disabled rule 16202 and everything is back to normal.
What I don't understand is:
1. Why the upgrade would start triggering these events? New patterns?
2. When I had all notifications all turned on no emails were emitted?
Anyway it's solved now so I hope this is of use for someone else trying to debug upgrade oddities.
This thread was automatically locked due to age.
