Hi everyone,
For the past three weeks we have been getting many alerts every day from the IPS, all with the same reason:
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: SPECIFIC-THREATS Microsoft SPNEGO ASN.1 library heap corruption overflow attempt
Details........: Snort ::
Time...........: 2011:02:04-09:43:43
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)
Source IP address: 84.108.95.224 (bzq-84-108-95-224.cablep.bezeqint.net)
- Where are my results?
- Query the RIPE Database
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=84.108.95.224
- APNIC - Query the APNIC Whois Database
Source port: 45954
Why only one type of intrusion, and why did it start three weeks ago? It is a very old issue from 2004, and Microsoft already patched this years ago.