Keep receiving Sophos Critical Notification Alerts emails for Intrusion Prevention Alerts
We use OpenDNS DNS Host Servers as our primary DNS and secondary DNS. All these alerts are outbound traffic from desktop computers to OpenDNS DNS Host Servers…
Hi,
Suddenly I am not able to access the Internet because of the below on my Sophos XG FW. The source IP is the Sophos interface to the ISP.
This suddenly happened a few hours ago. What do I need to do?
Hi there
We're seeing some IPS alerts with SID number 1170419080 - "SERVER-ORACLE Oracle MySQL sql_authentication Integer Overflow". How can I find more information about this? On Sophos UTM I can look up the Snort ID and the alert email usually contains…
Hi,
About Sophos IPS and the recently hyped CVE Ping of Death / Bad Neighbour:
Snort has detections for the attack on CVE-2020-16898 / CVE-2020-16899
Those are: https://www.snort.org/rule_docs/1-55984 https://www.snort.org/rule_docs/1-55993
There…
Dear All,
I have configured a DOS policy and I can see the packets dropped by the DDOS, but where can I see the logs?
I tried to find them in the IPS, System, and Firewall logs but no luck. Please help.
Dear All,
There is an action in the IPS policy, "Bypass Session", and as per the documents, "Bypass Session - Allows the entire session if detects any traffic that matches the signature." and the recommendation for the same is:
"To save resources and avoid…
I have noticed that my TiVo is being flagged by the IPS with "Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service." There were 27 instances yesterday, with 3 noted IP address targets. Is this a false positive or something that I should be concerned…
Hi,
Since I have been using XG, I am always getting IPS alerts, and I am concerned about it, because I don't know the reason for these alerts.
Are IPS alerts an alert about accessing websites with vulnerabilities or outdated software, or means an IPS alert…
Good morning everybody!
I have many IPS alerts, is that normal?
And not all of the victims' IPs are in my network!
I use the standard LAN_TO_WAN IPS policy!