I am receiving the below Intrusion Prevention Alert message every 5 minutes or so.
-- background info --
172.20.1.1 (AstaroDevice01) is my Internet-facing ASG320
Destination IP address: 172.20.1.210 (ExhangeServer01) is my internal Exchange server
AstaroDevice01 is permitted to relay inbound e-mail to ExhangeServer01. Any idea what this message means? There are messages sitting in the Spool, quarantine, etc.
------------------------------
Message Below
------------------------------
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: ATTACK-RESPONSES Microsoft cmd.exe banner
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2123
Time...........: 2010:01:28-14:11:00
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Successful Administrator Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 172.20.1.1 (AstaroDevice01)
Source port: 39842
Destination IP address: 172.20.1.210 (ExhangeServer01)
Destination port: 25 (smtp)
--
HA Status : HA MASTER (node id: 1)
System Uptime : 19 days 1 hours 38 minutes
System Load : 0.40
System Version : Astaro Security Gateway Appliance 7.502
Please refer to the manual for detailed instructions.
------------------------------
Thanks!