I'm experiencing some trouble with my UTM since the last past days.
Does anybody know what's going on here?
My mailbox is stuck with a few thousand emails with this message.
Weird is that I didn't change anything, so please be so kind and supply a hint for me! :-)
Intrusion Prevention Alert
An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future,
set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.
Details about the intrusion alert:
Message........: PROTOCOL-ICMP PING BSDtype
Details........: www.snort.org/.../368
Time...........: 2012-12-03 20:22:18
Packet dropped.: no
Priority.......: low
Classification.: Misc activity
IP protocol....: 1 (ICMP)
Source IP address: 109.230.243.166 (frankfurt01.worker.wemonit.de)
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Source port: 0
Destination IP address: 11.22.33.44 (www.mydomain.de)
- www.dnsstuff.com/.../ptr.ch
- www.ripe.net/.../whois
- ws.arin.net/.../whois.pl
- cgi.apnic.net/.../whois.pl
Destination port: 0
-- System Uptime : 1 day 22 hours 20 minutes System Load : 0.28 System Version : Sophos UTM 9.004033 Please refer to the manual for detailed instructions.
Cheers,
Michael
This thread was automatically locked due to age.
