Hello,
I recently upgraded my ASG box to ASG 8.2. I am continually getting email about Intrusion Prevention Alerts of varying priority. On the previous version, I wasn't getting these and haven't changed my notifications. Below is an example. Did something change in ASG 8.2?
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: WEB-CLIENT HTML DOM invalid DHTML comment creation attempt
Details........: Snort ::
Time...........: 2011:08:23-10:24:25
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain IP protocol....: 6 (TCP)
Source IP address: 98.129.63.179
- Where are my results?
- Database Query
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=98.129.63.179
- APNIC - Query the APNIC Whois Database
Source port: 80 (http)
Destination IP address: 192.X.X.X
- Where are my results?
- Database Query
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=192.X.X.X
- APNIC - Query the APNIC Whois Database
Destination port: 58418
--
System Uptime : 3 days 8 hours 0 minutes
System Load : 0.22
System Version : Astaro Security Gateway 8.201
Please refer to the manual for detailed instructions.
This thread was automatically locked due to age.
