This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[IPS hits sid #20212 | id #2101] how to solve/block this access/attack

At the moment I have some trouble with the IPS at the latest UTM 9 (9.003-16). The log files are full of messages like that:

2012:10:25-14:43:53 firewall snort[9579]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="MISC SSL CBC encryption mode weakness brute force attempt" group="500" srcip="79.242.188.236" dstip="192.168.7.24" proto="6" srcport="50215" dstport="443" sid="20212" class="Attempted Information Leak" priority="2" generator="1" msgid="0"

I skipped the intrusion protection woing to the host 192.168.7.24, but there are still entries in the log files.

Any ideas what kind of access/attack it is and how to fix it?

kind regards

This thread was automatically locked due to age.

Parents

0 wingman over 12 years ago

Any ideas what kind of access/attack it is and how to fix it?

kind regards

Are you using chrome?

Snort ::
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 wingman over 12 years ago

Any ideas what kind of access/attack it is and how to fix it?

kind regards

Are you using chrome?

Snort ::
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data