I have a 220 running as a firewall and a 120 running the mail scanner.
Over the weekend I updated from 8.103 to 8.201.
Among other annoying issues, I'm getting IPS alerts all of a sudden. What I find confusing is the source of the alert is the ASG220 itself and the destination is the ASG120.
Performing the soft update to 8.202 didn't resolve the IPS issue.
Is this a false positive or what?
Here is the alert. 192.168.1.2 is the ASG220 and .5 is the ASG120 running as a mail scanner.
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: DNS squid proxy dns PTR record response denial of service attempt
Details........: http://www.snort.org/search/sid/17484?r=1
Time...........: 2011:09:26-14:48:58
Packet dropped.: yes
Priority.......: medium
Classification.: Attempted Denial of Service
IP protocol....: 17 (UDP)
Source IP address: 192.168.1.2 (asg)
Source port: 53 (domain)
Destination IP address: 192.168.1.5
Destination port: 3639