I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.
Firmware is 17.1.3 MR3
I am getting a million a day on every customer at 17.5.3 MR3, and the command in 133096 is not present in the console.
Regards
Eren ERTAS
Sophos Certified Trainer & Architect
Presales & Project Manager of DMZ Bilisim LTD STI
Hi Eren Ertas
Apologies for this inconvenience.
Note that you can still input the command without having to tab auto-complete it: "set ips tcp_option detect_anomalies disable"
Please PM me if you continue to experience issues regarding these alerts.
Let me check and watch a while
Regards
Eren ERTAS
Sophos Certified Trainer & Architect
Presales & Project Manager of DMZ Bilisim LTD STI
Hello
I'm working around the same problems
2019-03-01 15:36:17 | Signatures | Drop | 192.168.0.91 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows | Server | 8 | 07002
IPS | 2019-03-01 15:34:05 | Signatures | Drop | 192.168.0.91 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows | Server | 8 | 07002
IPS | 2019-03-01 15:29:29 | Signatures | Drop | 192.168.131.253 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows | Server | 8 | 07002
IPS | 2019-03-01 15:24:16 | Signatures | Drop | 192.168.131.253 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows
No IPS on this firewall Rule ( 8 )
console> show ips_conf
config stream 1
config maxsesbytes 0
config stdsig 1
config qnum 10
config maxpkts 8
config disable_tcpopt_experimental_drops 0
config mmap 0
config enable_appsignatures 1
config mmapfilepath 1
config failclose off
config memmode 1
var SEARCH_METHOD hyperscan
var SIP_STATUS enabled
var IGNORE_CALL_CHANNEL enabled
var TCP_POLICY windows
var LOCAL_RULE local.rules
config cpulist 0:1
var TCP_BLOCK nblock
var DETECT_ANOMALIES no
Errors when sharing files
With the IPS service stopped, the file share works fine
Firmware Version (SFOS 17.5.1 MR-1)
Eren ERTAS
Sophos Certified Trainer & Architect
Presales & Project Manager of DMZ Bilisim LTD STI
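One way to check the "mostly internal sources" observation against exported IPS rows, as an added example that is not part of the original thread and not Sophos code. It assumes rows are exported one per line, pipe-separated, and that the fields after the timestamp are subtype, action, source, destination, signature ID and signature name (inferred from the rows posted above); the 203.0.113.9 row and the junk line are constructed.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the first three rows reuse values from the post above; the
# 203.0.113.9 row and the junk line are constructed. Assumed field order:
# time | subtype | action | source | destination | signature id | signature | ...
SAMPLE = """\
2019-03-01 15:36:17 | Signatures | Drop | 192.168.0.91 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows | Server | 8 | 07002
IPS | 2019-03-01 15:34:05 | Signatures | Drop | 192.168.0.91 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows | Server | 8 | 07002
IPS | 2019-03-01 15:29:29 | Signatures | Drop | 192.168.131.253 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba | Windows
IPS | 2019-03-01 15:20:02 | Signatures | Drop | 203.0.113.9 | 172.16.0.7 | 45069 | SERVER-SAMBA Samba write andx command memory leak attempt | server-samba
not a log row
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_row(line):
    """Return a dict for one row, or None if it is not a usable IPS row."""
    cells = [c.strip() for c in line.split("|")]
    # Rows may or may not begin with a component cell such as "IPS", so
    # anchor on the timestamp cell instead of a fixed column index.
    start = next((i for i, c in enumerate(cells) if TS.match(c)), None)
    if start is None or len(cells) < start + 7:
        return None
    _, _, action, src, dst, sig_id, sig = cells[start:start + 7]
    try:
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    except ValueError:
        return None
    return {"action": action, "src": src_ip, "dst": dst_ip, "sig_id": sig_id, "signature": sig}

def summarize(text):
    """Count drops per (signature id, source, destination) and by source origin."""
    pairs, origin = Counter(), Counter()
    for line in text.splitlines():
        row = parse_row(line)
        if row is None or row["action"] != "Drop":
            continue
        internal = any(row["src"] in net for net in INTERNAL)  # RFC 1918 only
        pairs[(row["sig_id"], str(row["src"]), str(row["dst"]))] += 1
        origin["internal" if internal else "external"] += 1
    return pairs, origin

if __name__ == "__main__":
    pairs, origin = summarize(SAMPLE)
    print(dict(origin))
    for (sig_id, src, dst), n in pairs.most_common():
        print(f"{n:>4}  sig {sig_id}  {src} -> {dst}")
```

A single source/destination pair dominating the counts points at one host or share to examine before changing IPS settings globally.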
Hey Eren Ertas
Would it be possible to please enable the support access tunnel on your appliance and PM me with the ID? I'd like to take a closer look at your reports.
Thanks!
Hi rdebraga
Your issue looks to be a different one, as the IPS signature being triggered is listed:
I would also request for you to enable the support access tunnel on your appliance and PM me with the ID for a closer look.
Thanks!
Hey ShunzeLee
Have you tried to troubleshoot by disabling this setting?