Hi,
we use Astaro ASG525 and configure IPS for it according to Sophos manual.
But we feel intrusion prevention don’t drop packet.
please pay attention to this log:
---------------------------------------------------------------------------------------------------------
id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion
protection alert" action="alert" reason="MISC SSL CBC encryption mode
weakness brute force attempt" group="500" srcip="x.x.x.x"
dstip="y.y.y.y" proto="6" srcport="---" dstport="--" sid="20212"
class="Attempted Information Leak" priority="2" generator="1"
msgid="0"
---------------------------------------------------------------------------------------------------------
action is (alert) but we configure (drop)
please help us,
Thanks.
This thread was automatically locked due to age.