I just got a notification for a packet that was supposed to be dropped as per my config (pic attached) by the IPS, but instead I just got an alert. I am using version 8.201.
2011:08:17-09:15:13 stuffman snort[8411]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="SPECIFIC-THREATS LANDesk Management Suite Alerting Service buffer overflow" group="500" srcip="192.168.*.***" dstip="192.168.**.**" proto="17" srcport="53" dstport="65535" sid="17567" class="Attempted Administrator Privilege Gain" priority="1" generator="1" msgid="0"
The rule belongs to the malware group, which I am blocking as per the pic.
Any thoughts?
Thanks
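An added example, not part of the original post, that parses the UTM IPS log format shown above and flags entries whose logged action disagrees with the action expected for that rule group. The group-to-action policy table and the sample lines (including IPs) are constructed assumptions for illustration.

```python
import re

# Constructed sample lines modelled on the UTM IPS log format in the post.
# IPs and the second/third lines are placeholders, not the poster's data.
SAMPLE_LOGS = [
    '2011:08:17-09:15:13 stuffman snort[8411]: id="2101" severity="warn" sys="SecureNet" '
    'sub="ips" name="Intrusion protection alert" action="alert" '
    'reason="SPECIFIC-THREATS LANDesk Management Suite Alerting Service buffer overflow" '
    'group="500" srcip="192.168.1.10" dstip="192.168.2.20" proto="17" srcport="53" '
    'dstport="65535" sid="17567" class="Attempted Administrator Privilege Gain" '
    'priority="1" generator="1" msgid="0"',
    '2011:08:17-09:16:02 stuffman snort[8411]: id="2102" severity="warn" sys="SecureNet" '
    'sub="ips" name="Intrusion protection drop" action="drop" reason="constructed rule" '
    'group="500" srcip="192.168.1.11" dstip="192.168.2.20" proto="6" srcport="4444" '
    'dstport="80" sid="99001" class="constructed" priority="1" generator="1" msgid="0"',
    '2011:08:17-09:17:45 stuffman snort[8411]: id="2101" severity="warn" sys="SecureNet" '
    'sub="ips" name="Intrusion protection alert" action="alert" reason="constructed rule" '
    'group="700" srcip="192.168.1.12" dstip="192.168.2.21" proto="6" srcport="5555" '
    'dstport="443" sid="99002" class="constructed" priority="3" generator="1" msgid="0"',
]

# Hypothetical policy: which action the admin configured per IPS rule group.
# The post says group 500's rules should be dropped; that mapping is assumed here.
EXPECTED_ACTION = {"500": "drop"}

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_ips_log(line):
    """Split the syslog prefix from the key="value" body; return a field dict."""
    prefix, _, body = line.partition(": ")
    fields = dict(KV_RE.findall(body))
    fields["_prefix"] = prefix  # timestamp, host and process, e.g. snort[8411]
    return fields


def policy_mismatches(lines, expected=EXPECTED_ACTION):
    """Return IPS entries whose logged action differs from the expected one."""
    mismatches = []
    for line in lines:
        f = parse_ips_log(line)
        if f.get("sub") != "ips":
            continue  # only IPS subsystem entries carry group/action/sid
        want = expected.get(f.get("group"))
        if want and f.get("action") != want:
            mismatches.append({"sid": f.get("sid"), "group": f.get("group"),
                               "action": f.get("action"), "expected": want,
                               "reason": f.get("reason")})
    return mismatches
```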