
~ 10 IPS warnings a day - is this normal or do I have a problem?

Hi everyone,

I hope I didn't miss a thread where this question is already answered. I have the following concerns:

I am using Sophos UTM 9.6 (temporarily) behind a router as exposed host, Sophos IP 192.168.178.4. Furthermore, I'm using the Sophos Web Server Protection to protect my Nextcloud and Exchange server, obviously on ports 80 and 443.

For a few days now, I have been getting the following two warnings from IPS around 10 times a day, from randomly changing IPs:

----------

2019:09:28-19:04:37 sophos snort[17851]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt" group="110" srcip="185.153.196.48" dstip="192.168.178.4" proto="6" srcport="53835" dstport="443" sid="49040" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"

2019:09:28-09:59:17 sophos snort[17851]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt" group="218" srcip="110.232.80.145" dstip="192.168.178.4" proto="6" srcport="55346" dstport="80" sid="46736" class="Web Application Attack" priority="1" generator="1" msgid="0"

---------


I do not use RDP without VPN, so no (D)NAT rule is set. I do not have a D-Link router either.

So, to make my questions precise:

1. I assume this is some random attack: some guys just scan random IPs on the internet, see my open 80+443 ports and try to attack me with these two attacks. Might this be right?

2. Is it kind of normal that I get so many attacks? Or does this quantity of warnings maybe point to a vulnerability I might have?

Many thanks in advance!


John
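
A way to tally alerts like the two quoted above per rule, as an added example that is not part of the original post: it parses the key="value" fields of the IPS log format shown, groups alerts by `sid`, and lists any rule that has an alert whose action was not `drop`. The function names are illustrative, and the only input is the two lines from the post.

```python
import re
from collections import defaultdict

# The two alert lines quoted in the post above; no other data is assumed.
SAMPLE_LOG = '''\
2019:09:28-19:04:37 sophos snort[17851]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt" group="110" srcip="185.153.196.48" dstip="192.168.178.4" proto="6" srcport="53835" dstport="443" sid="49040" class="Attempted User Privilege Gain" priority="1" generator="1" msgid="0"
2019:09:28-09:59:17 sophos snort[17851]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SERVER-WEBAPP D-Link DSL-2750B routers login.cgi command injection attempt" group="218" srcip="110.232.80.145" dstip="192.168.178.4" proto="6" srcport="55346" dstport="80" sid="46736" class="Web Application Attack" priority="1" generator="1" msgid="0"
'''
LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ snort\[\d+\]: (.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one IPS alert line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(2)))
    if fields.get("sub") != "ips":
        return None
    fields["time"] = m.group(1)
    return fields

def summarize(text):
    """Group alerts by rule id (sid): hit count, sources, ports, actions."""
    rules = defaultdict(lambda: {"reason": "", "count": 0, "srcips": set(),
                                 "dstports": set(), "actions": set()})
    for line in text.splitlines():
        f = parse_line(line)
        if f is None:
            continue  # not an IPS alert line
        r = rules[f.get("sid", "?")]
        r["reason"] = f.get("reason", "")
        r["count"] += 1
        r["srcips"].add(f.get("srcip"))
        r["dstports"].add(f.get("dstport"))
        r["actions"].add(f.get("action"))
    return dict(rules)

def not_dropped(summary):
    """Rule ids with at least one alert whose action was not "drop"."""
    return sorted(s for s, r in summary.items() if r["actions"] - {"drop"})

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for sid, r in sorted(summary.items()):
        print(sid, r["count"], len(r["srcips"]), sorted(r["dstports"]), r["reason"])
    print("not dropped:", not_dropped(summary))
```

Feeding it a full day of the IPS log instead of `SAMPLE_LOG` gives the per-rule counts and the number of distinct source addresses behind them.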


