Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 2711 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NNTP blocked bei IPS after Update 7.508

Markus S.
Hi,

since 7.508 Update NNTP will be blocked by IPS.

I will get this IPS log, when trying to access support-forums.novell.com:

id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="NNTP XHDR buffer overflow attempt" group="500" srcip="130.57.5.50" dstip="10.130.0.115" proto="6" srcport="119" dstport="1558" sid="12636" class="Attempted User Privilege Gain" priority="1" generator="3" msgid="0" 

Ho w can I change this behaviour?
Markus


This thread was automatically locked due to age.
Parents
  • 0
    I think you're understanding it correctly.

    In the past, Astaro deactivated some rules in the standard setup.  This got them some bad publicity in early 2009 because a well-known magazine ranked them below others.  Not one Astaro customer complained of having been attacked successfully, but the point was made, and Astaro decided to upgrade IPS and include every rule.  The good news is that it's "better."  The bad news is that it takes more effort to use it and keep it from disrupting things.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I think you're understanding it correctly.

    In the past, Astaro deactivated some rules in the standard setup.  This got them some bad publicity in early 2009 because a well-known magazine ranked them below others.  Not one Astaro customer complained of having been attacked successfully, but the point was made, and Astaro decided to upgrade IPS and include every rule.  The good news is that it's "better."  The bad news is that it takes more effort to use it and keep it from disrupting things.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Cookie Information Banner