One of my guests connected to my wireless and I keep getting the IPS block rule below (the IPS is blocking it because it's part of the extra alerts and I've manually set it to block):
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt
Details........: www.snort.org/.../19187
Time...........: 2011:09:05-21:37:48
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 17 (UDP)
Source IP address: 208.67.222.222 (resolver1.opendns.com)
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Source port: 53 (domain)
Destination IP address: 172.16.2.1
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Destination port: 51452
--
System Uptime : 1 day 10 hours 0 minutes
System Load : 0.06
System Version : Astaro Security Gateway 8.201
Please refer to the manual for detailed instructions.
I have no idea what that rule is as I can't find information on the URL provided. Has anyone seen it before? It happens only with the specific client. The user is using the latest Chrome/Firefox browsers, and he noticed the issue as sometimes he gets a "no internet page".
Also, I've tried to change the DNS and got the same IPS message, but the source was the Google DNS this time :)
Thanks