Browse By Tags

  • Sophos UTM: After Update to 9.719 IPS not working and Snort not running

    After the update to version 9.719, IPS is not working properly anymore. Every 10 minutes: "Snort not running - restarted" messages.
  • SNORT using a lot of CPU

    Our old Sophos UTM is definitely a bit on the "too small" side by now, but still, we're trying to get things running for at least an extra year or so. Right now we occasionally have issues with the UTM CPU usage going up to 100%, to the point where the…
  • Intrusion protection alert SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt

    Hello, our Sophos UTM 9 (latest firmware 9.713-19) started to block backups of certain systems that always worked before. 2023:01:16-21:05:07 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert…
  • IPS Alarm SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt

    Hello everyone, on 2 different SGs (9.711) I get the same IPS message on each: SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt. The description of Sid 1-59640 only says "This rule detects a crafted Kerberos…
  • Snort - no such file or directory

    Just installed Sophos UTM 9.707-5 in ESXi VMware. When starting Intrusion Prevention I see in the console: /usr/bin/chroot: failed to run command '/sbin/snort' no such file or directory. I have SSH'd into the UTM and checked, snort can't be found…
  • SG310 UTM - SID 20842 - Suddenly getting regular intrusion prevention alerts from various source IPs to Windows 10 hosts

    The first alert we had from rule SID 20842 was on 23 Nov at 17:39 GMT. Since then we have had 230 alerts to around 50 different Windows 10 hosts, all from this rule, 29 different source IP addresses, all source port 80, various destination ports. Looking up the…
  • Snort 3.1

    Hello everyone. I noticed today that my Sophos UTM Home is slowing down my new 1Gbit line. While playing around, I found that IPS is the problem. In the following thread "SG-210 ein- und ausgehende Internetgeschwindigkeit - German…
  • IPS Log snort: WARNING: SMTP memcap exceeded.

    Hi, I'm seeing these logs on our SG 430 9.705-3: 2021:02:02-09:57:08 firewall-2 ulogd[12675]: id="2104" severity="info" sys="SecureNet" sub="ips" name="ICMP flood detected"...... 2021:02:02-09:58:05 firewall-2 snort[3052]: WARNING: SMTP memcap exceeded…
  • Poor IPS perf - "Multithreaded" snort not working?

    Hi all. I have a custom built router using a Gigabyte J1900N-D3V board. To cut it short, inter-VLAN traffic is limited to about 200mbit, but the CPU utilization only ever hits ~30%. Of course standard snort does not take advantage of the multiple cores…
  • Snort Exclusion not working

    Hi, I am trying to run speed tests via speedtest_cli on one of my boxes to regularly check the actual available speed my ISP provides. Now the download speed is limited by my Sophos UTM box (9.510-4) by snort going to 100%. If I turn off IPS I…
  • How do I know if IPS blocks a specific malware? Can I add my own rule?

    Hello all, do you know if Sophos will protect our network from the APT10 Operation Cloud Hopper malware threat? (link points to a PDF document about the malware) https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwjZs_udk9vUAhWF0RoKHbxIDqoQFggxMAI&url…
  • Snort not running - restarted 9.408-4

    Hello, I updated the firmware of my UTM virtual appliance to 9.408-4 4 days ago. Today I got an email which reads as follows: Snort not running - restarted -- HA Status : HA MASTER (node id: 1) System Uptime : 3 days 5 hours 47 minutes System…
  • High rate of IPS alerts for "EXPLOIT-KIT Angler exploit kit news uri structure"

    Hi, for the last month or two, I've been getting IPS alerts for EXPLOIT-KIT Angler exploit kit news uri structure https://www.snort.org/search?query=38439 every time someone visits a certain site (backchina.com) as well as while I'm surfing misc…
  • Snort Vulnerability affect UTM IPS??

    Does anyone know what version of Snort the IPS uses? Snort/Cisco just had a vulnerability posted: http://www.theregister.co.uk/2016/03/31/cisco_snort_scramble_to_plug_malware_hole/ Just wondering if the UTMs are exposed as well?
  • DROWN Vulnerability: Blocking SSLv2 with UTM9

    Hello, I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability. We have a couple of servers susceptible to the attack and it would be nice to first block the attack at…
  • Sophos & snort

    Hello, I was wondering if snort does some correlations? I mean something like: don't alert if rule A has matched, but only alert if rule A has matched and then rule B has also matched. Is Sophos able to do that, or does it only match…