
Attempted User Privilege Gain?

Can someone help? Intrusion protection seems to be implying that an attempt to access one of our servers at 10.110.10.39 has been detected.

2013:12:23-09:12:10 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.231" dstip="10.110.10.39" proto="6" srcport="80" dstport="63007" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-09:27:12 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.231" dstip="10.110.10.39" proto="6" srcport="80" dstport="63051" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-09:42:13 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.231" dstip="10.110.10.39" proto="6" srcport="80" dstport="63062" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-09:57:14 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.231" dstip="10.110.10.39" proto="6" srcport="80" dstport="63071" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-10:12:15 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.232" dstip="10.110.10.39" proto="6" srcport="80" dstport="63083" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-10:27:16 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.232" dstip="10.110.10.39" proto="6" srcport="80" dstport="63092" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-10:42:17 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.231" dstip="10.110.10.39" proto="6" srcport="80" dstport="63122" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2013:12:23-10:57:18 firewall-1 snort[4686]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BROWSER-PLUGINS Microsoft Internet Explorer Time DATIME.DLL ActiveX clsid access" group="320" srcip="150.199.0.232" dstip="10.110.10.39" proto="6" srcport="80" dstport="63132" sid="20706" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"


This thread was automatically locked due to age.
  • Hi & welcome,

    Alerts like this are common for systems using the Internet; it means the IPS is doing its job.

    You say that's a server; is someone surfing from it?

    Info on that Snort rule:
    Snort ::

    If your systems are patched you should be OK, but again, the UTM/IPS is doing what it's supposed to.

    Barry
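The question Barry raises (is the alerted host the one browsing?) can be read off the port pair in each alert. The following is an added example, not code from either poster or from the firewall vendor: it parses alert lines in the key="value" format shown in the question, classifies direction from `srcport`/`dstport`, and checks whether hits are evenly spaced. The sample lines, the addresses, sid 99999, the web-port set and the ephemeral-port threshold are constructed assumptions.

```python
import re
from datetime import datetime

KV = re.compile(r'(\w+)="([^"]*)"')
WEB_PORTS = {80, 443, 8080}   # assumption: ports treated as the web-server side
EPHEMERAL_MIN = 49152         # assumption: IANA dynamic range (Windows default)

# Constructed sample lines in the question's log format (documentation addresses).
SAMPLE = [
    '2013:12:23-09:12:10 fw snort[1]: action="drop" srcip="198.51.100.7" dstip="10.0.0.5" srcport="80" dstport="63007" sid="20706"',
    '2013:12:23-09:27:12 fw snort[1]: action="drop" srcip="198.51.100.7" dstip="10.0.0.5" srcport="80" dstport="63051" sid="20706"',
    '2013:12:23-09:42:13 fw snort[1]: action="drop" srcip="198.51.100.7" dstip="10.0.0.5" srcport="80" dstport="63062" sid="20706"',
    '2013:12:23-09:30:00 fw snort[1]: action="drop" srcip="203.0.113.9" dstip="10.0.0.8" srcport="51515" dstport="443" sid="99999"',
]

def parse(line):
    """Split one alert line into a timestamp and its key="value" fields."""
    stamp, _, rest = line.partition(" ")
    fields = dict(KV.findall(rest))
    fields["time"] = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S")
    return fields

def direction(f):
    """Guess which side opened the connection from the port pair."""
    sport, dport = int(f["srcport"]), int(f["dstport"])
    if sport in WEB_PORTS and dport >= EPHEMERAL_MIN:
        return "reply-to-client"      # dstip fetched content from srcip
    if dport in WEB_PORTS:
        return "request-to-server"    # srcip connected to a service on dstip
    return "unknown"

def triage(lines):
    """Group alerts per (dstip, sid); report direction, sources and spacing."""
    groups = {}
    for f in map(parse, lines):
        groups.setdefault((f["dstip"], f["sid"]), []).append(f)
    report = {}
    for key, hits in groups.items():
        hits.sort(key=lambda f: f["time"])
        gaps = [int((b["time"] - a["time"]).total_seconds())
                for a, b in zip(hits, hits[1:])]
        report[key] = {
            "directions": sorted({direction(f) for f in hits}),
            "sources": sorted({f["srcip"] for f in hits}),
            "gaps_s": gaps,
            # evenly spaced hits suggest a scheduled task or auto-refreshing page
            "periodic": len(gaps) >= 2 and max(gaps) - min(gaps) <= 5,
        }
    return report
```

A `reply-to-client` result with `periodic` set means the internal host is repeatedly fetching the page that trips the signature, so the next step is finding the process on that host making the request.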