This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS - SERVER-APACHE Apache httpd CVE-2019-0190 mod_ssl TLS Renegotiation Denial of Service

Hej,

with me the IPS block at nearly all *.teamviewer.com addresses. This hampers the functionality of it. Does any of you have the same problem?

messageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="13" fw_rule_id="2" user="" sig_id="1000549" message="SERVER-APACHE Apache httpd CVE-2019-0190 mod_ssl TLS Renegotiation Denial of Service" classification="Attempted User Privilege Gain" rule_priority="3" src_ip="x.x.x.x" src_country="DEU" dst_ip="94.16.6.167" dst_country="DEU" protocol="TCP" src_port="30480" dst_port="443" OS="BSD,Linux,Mac,Other,Solaris,Unix,Windows" category="server-apache" victim="Server"

This thread was automatically locked due to age.

0 Keyur over 6 years ago

Hi Steppenwolf

The destination IP belongs to ripe.net and detection is from Rule ID=2.

I would recommend to contact technical support and open a service request to investigate the issue further. Would you please check IPS logs for these events in the log viewer of the firewall for the IPS component.

Regards,

Keyur
Community Support Engineer | Sophos Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question use the 'This helped me' link