This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

skype block stop rsync, too

Hi,
we are using rsync protocol to replicate all data from our sites.
If we enable the application control to drop all skype users in our network the rsync will be detected as skype and dropped?

Thank you.
Michael

rsync: read error: Connection reset by peer (104)
rsync error: error in rsync protocol data stream (code 12) at io.c(769) [Receiver=3.0.7]

This thread was automatically locked due to age.

Parents

0 BarryG over 12 years ago

Also, please post the relevant entries from the IPS log (don't use the Live Log, it's condensed).

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 12 years ago

Also, please post the relevant entries from the IPS log (don't use the Live Log, it's condensed).

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 MMU over 12 years ago in reply to BarryG

Thank you here is the log:
Firmware version: 9.004-33
Pattern version: 39260

2012:11:29-13:23:09 asg afcd[26002]: loaded plugin '/var/sec/chroot-afc/lib/afc/vineyard.so'

2012:11:29-13:23:09 asg afcd[26002]: _afc_cfg_file_plugin_parse: 721 protocols registered

2012:11:29-13:23:09 asg afcd[26008]: AFC ready.

2012:11:29-13:24:34 asg ulogd[4275]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth2.132" mark="0x1c0" app="448" srcmac="0:20:e3:7:cd[:D]1" srcip="100.100.99.20" dstip="145.23.17.11" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="3486" dstport="888" tcpflags="ACK PSH" 

2012:11:29-13:25:06 asg ulogd[4275]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth4.129" mark="0x1c0" app="448" srcmac="0:20:e3:7:cd[:D]3" srcip="100.100.99.20" dstip="145.23.17.18" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="3499" dstport="873" tcpflags="ACK PSH" 

2012:11:29-13:26:19 asg ulogd[4275]: id="2019" severity="info" sys="SecureNet" sub="packetfilter" name="AFC Block" action="drop" fwrule="1" outitf="eth1" mark="0x21c0" app="448" srcmac="0:20:e3:7:cd[:D]0" srcip="15.5.138.17" dstip="82.238.243.41" proto="6" length="194" tos="0x00" prec="0x00" ttl="64" srcport="48579" dstport="443" tcpflags="ACK PSH"

I have also an another issue:
There must be a new pattern release for the IPS:
The traffic from our citrix gateway V5 (http) will be blocked.


2012:11:29-13:10:13 asg snort[24242]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BLACKLIST User-Agent known malicious user agent - IEEXPLORE.EXE" group="500" srcip="145.23.17.17" dstip="10.100.100.100" proto="6" srcport="39494" dstport="80" sid="7534" class="Misc activity" priority="3" generator="1" msgid="0" 

2012:11:29-13:11:32 asg snort[24242]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BLACKLIST User-Agent known malicious user agent - IEEXPLORE.EXE" group="500" srcip="145.23.17.17" dstip="10.100.100.100" proto="6" srcport="36142" dstport="80" sid="7534" class="Misc activity" priority="3" generator="1" msgid="0" 

2012:11:29-13:15:40 asg snort[24242]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BLACKLIST User-Agent known malicious user agent - IEEXPLORE.EXE" group="500" srcip="145.23.17.17" dstip="10.100.100.100" proto="6" srcport="38673" dstport="80" sid="7534" class="Misc activity" priority="3" generator="1" msgid="0" 

2012:11:29-13:17:10 asg snort[24242]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="BLACKLIST User-Agent known malicious user agent - IEEXPLORE.EXE" group="500" srcip="145.23.17.17" dstip="10.100.100.100" proto="6" srcport="38675" dstport="80" sid="7534" class="Misc activity" priority="3" generator="1" msgid="0"