After the last IPS patterns update released on Friday 12th:
Up2Date 7.165 package description:
RPM packages contained:
u2d-ips-7.164-165.patch.rpm
I'm getting lots (hundreds) of IPS alerts like this:
Message........: DOS Microsoft Windows TCP SACK invalid range denial of service attempt
Details........: www.snort.org/.../sigs.cgi
Time...........: 2010:02:15-12:50:44
Packet dropped.: yes
Priority.......: 2 (medium)
Classification.: Attempted Denial of Service
IP protocol....: 6 (TCP)
I'm sure this is a false positive because these alerts are related to well-known TCP traffic from an external device to an internal DMZ server.
Again, Astaro continues to give an invalid Snort link as the detail; however, in this case, sid=16408 is not defined in the Snort rules (Snort search).
Does anyone detect this strange behaviour?