Hopefully me logging this will help someone else if they come across the issue - I've had great help from other folks here in the past on so many things, so this is a drop in the bucket of me contributing back, but it's a start!
So...I was trying to listen to a stream of music from my PC and it would sit there loading and loading and then just not work. I verified the packet filter rules and packet filter log files but still couldn't see any reason why it wouldn’t work.
Other streams seemed to work fine, but a handful here and there weren't working!
A test on a different network revealed that the site/stream wasn't down either, so what could be happening with my ASG or network?
I noticed in my daily executive report a massive increase in IPS attacks blocked! From an average 4 - 5 a month, to a whopping 8 in one day! Wait a second…That's about how many times I tried to load the stream (while adding the packet filters, etc). I checked the IPS logs and saw it report the following when I attempted to connect again:
MULTIMEDIA Shoutcast playlist redirection
Ah ha! Now what the heck does this mean though? Web searches didn't yield anything that made sense to me (all related to snort and that's something I haven't had the pleasure of playing with yet).
So instead I looked at my IPS settings a little closer and realized I had both my internal networks AND my uplinks specified when it clearly says to include the Local networks only - doh! After removing the uplinks from the sensor, the stream loaded just fine!
So now I'm of course naturally curious to know exactly what was happening. Did the IPS detect the inbound stream and think it was a new (foreign) connection or something…? Was this really the correct thing to do (remove the WAN connections from IPS sensor)? I'm amazed, now that I think of it, that I didn't see more IPS alerts logged in the past since it was monitoring my WAN link!
Any thoughts?
This thread was automatically locked due to age.