9.105-9
Running Web Proxy and IPS.
When I click the url in an IPS alert email I immediately get another alert email about that being blocked. I can't get to any of the snort docs on the rules. Here's the alert:
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.
Details about the intrusion alert:
Message........: INDICATOR-COMPROMISE id check returned root
Details........: Snort ::
Time...........: 2013-09-03 10:50:06
Packet dropped.: yes
Priority.......: medium
Classification.: Potentially Bad Traffic IP protocol....: 6 (TCP)
Source IP address: 23.23.152.48 (ec2-23-23-152-48.compute-1.amazonaws.com)
- Professional Toolset | DNSstuff
- Database Query
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=23.23.152.48
- APNIC - Query the APNIC Whois Database
Source port: 80 (http)
Destination IP address: (REMOVED)
Destination port: 40746
I can't get to "www.snort.org/.../498.
This thread was automatically locked due to age.
