This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt

Hi

- I am using Open DNS to additional security.

- Recently I get the following IPS Alerts.

Message........: BAD-TRAFFIC TMG Firewall Client long host entry exploit attempt
Details........: Snort ::
Time...........: 2012-10-27 11:26:10
Packet dropped.: no
Priority.......: high
Classification.: Attempted User Privilege Gain IP protocol....: 17 (UDP)

Source IP address: 208.67.222.222 (resolver1.opendns.com)

- I believe it is a False Alarm since OpenDNS can be trusted (I think)

- Another strange behavior is when the Destination is to my VPN (iPhone VPN, Laptop SSL VPN)

- Since I am a home users - I can only report here hopefully someone will fix this signature?

- For now, I set FROM and TO OpenDNS = By Pass IPS for all settings.

- But Ideally I dont want to set exceptions in case one day there is really some malicious traffic.

This thread was automatically locked due to age.

Parents

0 BAlfson over 12 years ago

They're tuning these all of the time. I don't usually clean out old rules, but BruceKConvergent reports that he does because he finds the false-positives are almost-always fixed after awhile.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 12 years ago

They're tuning these all of the time. I don't usually clean out old rules, but BruceKConvergent reports that he does because he finds the false-positives are almost-always fixed after awhile.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data