Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 2688 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NNTP blocked bei IPS after Update 7.508

Markus S.
Hi,

since 7.508 Update NNTP will be blocked by IPS.

I will get this IPS log, when trying to access support-forums.novell.com:

id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="NNTP XHDR buffer overflow attempt" group="500" srcip="130.57.5.50" dstip="10.130.0.115" proto="6" srcport="119" dstport="1558" sid="12636" class="Attempted User Privilege Gain" priority="1" generator="3" msgid="0" 

Ho w can I change this behaviour?
Markus


This thread was automatically locked due to age.
Parents
  • 0
    Thanks a lot for that hint.
    But even when I disabled Rule ID 2101 I Will get the following IPS log :

    2010:11:25-09:16:58 security-gateway snort[12451]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="NNTP XHDR buffer overflow attempt" group="500" srcip="130.57.5.50" dstip="10.130.0.115" proto="6" srcport="119" dstport="1361" sid="12636" class="Attempted User Privilege Gain" priority="1" generator="3" msgid="0" 

    Is there still an other place to change this?
  • 0 in reply to Markus S.
    Thanks a lot for that hint.
    But even when I disabled Rule ID 2101 I Will get the following IPS log :

    2010:11:25-09:16:58 security-gateway snort[12451]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" ...

    Is there still an other place to change this?


    Me the same problem.
    Disabling IPS for the address is *no* solution for me!!

    Why does the IPS not change from 'Drop' to 'Warn' in 'Manual Rule modification'?
    Start and stop doesn't help too.

    regards
    gerhard
Reply
  • 0 in reply to Markus S.
    Thanks a lot for that hint.
    But even when I disabled Rule ID 2101 I Will get the following IPS log :

    2010:11:25-09:16:58 security-gateway snort[12451]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" ...

    Is there still an other place to change this?


    Me the same problem.
    Disabling IPS for the address is *no* solution for me!!

    Why does the IPS not change from 'Drop' to 'Warn' in 'Manual Rule modification'?
    Start and stop doesn't help too.

    regards
    gerhard
Children
No Data