IPS - FalsePositive - SNORT 29466

Hello,

I get the following IPS message:

Intrusion Prevention Alert

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: FILE-OTHER Corel PDF fusion XPS stack buffer overflow attempt
Details........: Snort ::
Time...........: 2014-02-27 19:59:37
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 74.125.104.45
http://ws.arin.net/cgi-bin/whois.pl?queryinput=74.125.104.45
Source port: 80 (http)
Destination IP address: 192.168.100.12 ()
http://ws.arin.net/cgi-bin/whois.pl?queryinput=192.168.100.12
Destination port: 37860
        
-- 
System Uptime      : 5 days 22 hours 13 minutes
System Load        : 0.08
System Version     : Sophos UTM 9.109-1

Please refer to the manual for detailed instructions.



On the SNORT Website (https://snort.org/vrt/docs/ruleset_changelogs/2946/changes-2014-01-23.html) you can see that this rule has been disabled by SNORT.

But not by SOPHOS - How can I disable this rule?

Thanks

Feo


This thread was automatically locked due to age.