Since about 12-24 hours ago, we lost connection to one of our FTP sites.
Problem is IPS rules. If I create an exception for the site in IPS, traffic flows fine. If I remove it, the firewall is dropping outbound FTP traffic from that server, despite packet filter rules to allow it.
I am not receiving any notifications from the firewall regarding this.
Log shows: 2012:12:04-03:19:52 asg-lon-01 snort[7514]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="10.0.44.27" dstip="192.168.3.30" proto="6" srcport="21" dstport="42558" sid="13360" class="Misc activity" priority="3" generator="1" msgid="0"
Presume that browser is attempting anonymous first? Then retrying with cached password?
Happens in Chrome and IE. Also happens when no password is cached.
This thread was automatically locked due to age.