SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt

After the last IPS update, I keep getting this triggered from and to my Veeam Backup server:

Intrusion Prevention Alert

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
Details........: https://www.snort.org/search?query=38246
Time...........: 2016-03-27 04:24:04
Packet dropped.: yes
Priority.......: high
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 192.168.4.19 
Source port: 51783
Destination IP address: 192.168.110.22 
Destination port: 2501 (rtsclient)
        
-- 
System Uptime      : 9 days 11 hours 31 minutes
System Load        : 0.23
System Version     : Sophos UTM 9.400-9

Please refer to the manual for detailed instructions.

Intrusion Prevention Alert

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
Details........: https://www.snort.org/search?query=38247
Time...........: 2016-03-26 23:03:00
Packet dropped.: yes
Priority.......: high
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 192.168.10.30 
Source port: 64442
Destination IP address: 192.168.110.10 
Destination port: 2500 (rtsserv)
        
-- 
System Uptime      : 9 days 7 hours 10 minutes
System Load        : 0.14
System Version     : Sophos UTM 9.400-9

Please refer to the manual for detailed instructions.

I definitely do NOT have Flex Licensing installed.

Anyone seeing this?



  • Up Date:

    Hi Jon,

    Thank you for the update,

    Then we wait and see what happens.

    In the meantime I did create an exception for the IPS for the IP address and service that IP uses to access our net. For the time being it works and the customer can upload files.

    Please keep us posted if you hear anything else, I really appreciate it.

    Thanks

    update:

    It looks like creating the exception has solved the issue, but the problem is what we are going to do with all of the other users that want to upload large amounts of files with FTP? Today I can see that one more IP has been dropped; we cannot just create an exception for each IP address.

    I hope Sophos comes up with a solution.
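An added example, not part of the thread and not Sophos code: a small parser for the notification layout shown in the alerts above. It groups hits by rule ID and destination so repeated triggers against one service stand out from one-off sources. It assumes the number in the snort.org `query=` link is the rule ID; the third sample alert and its source address are constructed.

```python
import re
from collections import defaultdict

# Two alerts from the thread (trimmed to the fields used here).
THREAD_ALERTS = """\
Intrusion Prevention Alert
Message........: SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
Details........: https://www.snort.org/search?query=38246
Source IP address: 192.168.4.19
Destination IP address: 192.168.110.22
Destination port: 2501 (rtsclient)

Intrusion Prevention Alert
Message........: SERVER-OTHER Flexera FlexNet Publisher stack buffer overflow attempt
Details........: https://www.snort.org/search?query=38247
Source IP address: 192.168.10.30
Destination IP address: 192.168.110.10
Destination port: 2500 (rtsserv)
"""
# Constructed third alert: first alert repeated from a made-up second source.
SAMPLE = THREAD_ALERTS + THREAD_ALERTS.split("\n\n")[0].replace("4.19", "4.20")
# "Name....: value" and "Name: value" lines; the dot padding is optional.
FIELD = re.compile(r"^([A-Za-z ]+?)\.*:\s*(.*?)\s*$")

def parse_alerts(text):
    """Return one dict of lower-cased field names per notification."""
    alerts = []
    for chunk in text.split("Intrusion Prevention Alert")[1:]:
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1).strip().lower()] = m.group(2)
        sid = re.search(r"query=(\d+)", fields.get("details", ""))
        port = re.match(r"\d+", fields.get("destination port", ""))
        fields["sid"] = int(sid.group(1)) if sid else None
        fields["dport"] = int(port.group()) if port else None
        alerts.append(fields)
    return alerts

def summarize(alerts):
    """Map (rule id, destination IP, destination port) -> set of source IPs."""
    groups = defaultdict(set)
    for a in alerts:
        key = (a["sid"], a.get("destination ip address"), a["dport"])
        groups[key].add(a.get("source ip address"))
    return dict(groups)

if __name__ == "__main__":
    for key, sources in sorted(summarize(parse_alerts(SAMPLE)).items()):
        print(key, sorted(sources))
```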