This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.000] IPS blocks many Websites !

xenon2008 over 13 years ago

Hello,

Since i have upgraded my ASG to v9.000-8 many Websites does not load or load only very slowly and not correctly!

I have only IPS eneabled! No Proxy or Application Control...

In the IPS log is always one event shown like this:
2012:07:22-17:42:49 ***XX-1 snort[5377]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt" group="320" srcip="2.21.97.107" dstip="192.1XX.***.***" proto="6" srcport="80" dstport="4086" sid="11257" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

for example this websites:
Golem.de: IT-News für Profis
feature.astaro.com

and many other websites ...

what ist "WEB-CLIENT Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt" ? i dont want to disable the complete rule ....

please help me [:(]

best regards
xenon

This thread was automatically locked due to age.

Parents

0 Mark Percy over 13 years ago

Hi,

I had a similar setup on my internal network and have observed the same behaviour, and thougt it was the DNS, that were causing the problems.

I also use version UTM version 9.

I have not found the reason, but a (tempoary) workaround. By running the network through the proxy all the problems is gone.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Mark Percy over 13 years ago

Hi,

I had a similar setup on my internal network and have observed the same behaviour, and thougt it was the DNS, that were causing the problems.

I also use version UTM version 9.

I have not found the reason, but a (tempoary) workaround. By running the network through the proxy all the problems is gone.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data