i kepp getting the IPS alert shown below:
Intrusion Prevention Alert
An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.
Details about the intrusion alert:
Message........: (ftp_telnet) FTP command parameters contained potential string format
Details........: www.snort.org/search
Time...........: 2015-02-13 14:12:14
Packet dropped.: no
Priority.......: high
Classification.: Attempted Administrator Privilege Gain IP protocol....: 6 (TCP)
Source IP address: 178.15.89.74 (utm)
Source port: 33696
Destination IP address: 82.165.240.106 (clienthosting.fr) Destination port: 21 (ftp)
All attack patterns in the IPS section are checked to be dropped. The SNORT search shows me 54 sites of possible events related to the SID "5".
What can i do to block these packets?
This thread was automatically locked due to age.
