IPS attacks with source IP addresses of UTM

FormerMember

Hi,

 

Today, I've got many IPS alerts with the source IP of the UTM's LAN and WAN ports.

Is this normal?

 

Regards Meghan

 

P.S. The address No.1 in Screenshot 1 is the LAN IP of UTM and address No.2 is the WAN IP of UTM



  • FormerMember in reply to sachingurung

    Hi Sachin,

     

    The source IP addresses are the IP of the UTM appliance.

     

    Regards

  • Hi Meghan,

    What is the destination IP in those drops: internal LAN IPs or external addresses? Also, are the patterns up2date?

    This could be a possible DNS cache poisoning attempt on your IP address which is dropped by the UTM's ATP module. The quick fix is to get your public IP address changed by the ISP. Alongside, go to Management | up2date and verify that the UTM patterns are up to date. This could also be caused by a pattern update and probably a false positive.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support