This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NNTP blocked bei IPS after Update 7.508

Hi,

since 7.508 Update NNTP will be blocked by IPS.

I will get this IPS log, when trying to access support-forums.novell.com:

id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="NNTP XHDR buffer overflow attempt" group="500" srcip="130.57.5.50" dstip="10.130.0.115" proto="6" srcport="119" dstport="1558" sid="12636" class="Attempted User Privilege Gain" priority="1" generator="3" msgid="0"

Ho w can I change this behaviour?
Markus

This thread was automatically locked due to age.

Parents

0 BAlfson over 14 years ago

Gerhard, I was careless in the example picture (this now is corrected as noted in in posts #2 and #4). You want the number indicated by sid= instead of id=.

What version of Astaro - 7.508?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 14 years ago

Gerhard, I was careless in the example picture (this now is corrected as noted in in posts #2 and #4). You want the number indicated by sid= instead of id=.

What version of Astaro - 7.508?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 rooster over 14 years ago in reply to BAlfson

>What version of Astaro - 7.508?
Yes, Firmware version: 7.508

Now tried it with Rule Id: 12636.
-> Works!

2010:12:04-19:51:22 fwcoq snort[28733]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="NNTP XHDR buffer overflow attempt" ... sid="12636" ...

Thx for the help.

regards
Gerhard
Cancel
Vote Up 0 Vote Down

Cancel