I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.
Firmware is 17.1.3 MR3
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.
Firmware is 17.1.3 MR3
Hello
I'm working around the same problems
2019-03-01 15:36:17
|
Signatures
|
Drop
|
192.168.0.91
|
172.16.0.7
|
45069
|
SERVER-SAMBA Samba write andx command memory leak attempt
|
server-samba
|
Windows
|
Server
|
8
|
07002
|
|||
IPS
|
2019-03-01 15:34:05
|
Signatures
|
Drop
|
192.168.0.91
|
172.16.0.7
|
45069
|
SERVER-SAMBA Samba write andx command memory leak attempt
|
server-samba
|
Windows
|
Server
|
8
|
07002
|
||
IPS
|
2019-03-01 15:29:29
|
Signatures
|
Drop
|
192.168.131.253
|
172.16.0.7
|
45069
|
SERVER-SAMBA Samba write andx command memory leak attempt
|
server-samba
|
Windows
|
Server
|
8
|
07002
|
||
IPS
|
2019-03-01 15:24:16
|
Signatures
|
Drop
|
192.168.131.253
|
172.16.0.7
|
45069
|
SERVER-SAMBA Samba write andx command memory leak attempt
|
server-samba
|
Windows
|
No IPS on this firewall Rule ( 8 )
console> show ips_conf
config stream 1
config maxsesbytes 0
config stdsig 1
config qnum 10
config maxpkts 8
config disable_tcpopt_experimental_drops 0
config mmap 0
config enable_appsignatures 1
config mmapfilepath 1
config failclose off
config memmode 1
var SEARCH_METHOD hyperscan
var SIP_STATUS enabled
var IGNORE_CALL_CHANNEL enabled
var TCP_POLICY windows
var LOCAL_RULE local.rules
config cpulist 0:1
var TCP_BLOCK nblock
var DETECT_ANOMALIES no
Errors when Sharing files
With IPS Service Stoped , the fole share works fine
Firmware Version (SFOS 17.5.1 MR-1)
Hi rdebraga
Your issue looks to be a different one, as the IPS signature being triggered is listed:
I would also request for you to enable the support access tunnel on your appliance and PM me with the ID for a closer look.
Thanks!
Hi rdebraga
Your issue looks to be a different one, as the IPS signature being triggered is listed:
I would also request for you to enable the support access tunnel on your appliance and PM me with the ID for a closer look.
Thanks!