Scoreboard is Full
After going through countless logs I kept finding logs pertaining to “scoreboard is full”. I started seeing this log when we started to see large amounts of traffic on the UTM.
FYI: I currently utilize WAF and IPS on the UTM.
…
We have been getting a LOT of IPS attacks lately. Getting Snort 38330 MALWARE-CNC TRUFFLEHUNTER SFVRT-1020 attack attempt from several internal IPs. Snort doesn't give much information... is there a good chance these hosts are infected? Sophos Cloud AV…
Does anyone know what version of Snort the IPS uses? Snort/Cisco just had a vulnerability posted: http://www.theregister.co.uk/2016/03/31/cisco_snort_scramble_to_plug_malware_hole/
Just wondering if the UTMs are exposed as well?
I have a problem with bandwidth when IPS is ON and an exception is used, which does not work, as I get the same speed with or without the exception ON.
Copy from ftp to video IPS off:
Copy from ftp to video IPS on with exception:
IPS exception:
Copy…
Hi,
I have a 'MALWARE-OTHER Executable control panel file download request' false positive that I need to put an exception in for.
I don't want to exclude the entire rule or detection, just whitelist this host that is triggering the false positive…
Hello,
I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability. We have a couple of servers susceptible to the attack and it would be nice to first block the attack at…
Hi,
So I have kind of fixed the slow ssl/openvpn issue, but I can't seem to find a way to put the exception in.
- Part 1 of the fix was to disable the UDP flood protection - get 1.5-2mbit (otherwise caps out ~0.5mbit)
- Part 2 disable IPS get full…
I am trying to add rules into the custom.rules file and added the inclusion for the custom.rule file to snort.conf
include $RULE_PATH/astaro.rules
include $RULE_PATH/custom.rules
However, any modifications to chrooted files revert back upon restart of…
Hi,
I'm new to the forum, but I've been reading up a bit on the Sophos UTM IPS performance issues - which I am experiencing, and looking for suggestions on how to possibly improve this problem. I have a 100mbps down/15mbps up cable connection with 3…
I was consistently pulling down 100Mbits with my UTM 9.35 until last week. I can't say for sure if it was a pattern update or a firmware update, but I noticed that my speed tests were topping out at about 45Mbit down. I started poking around my cable…
Hi,
I had 2 attacks blocked, it is a bummer that I can't drill down on the actual text, but I found more detail in the "Network Protection" menu under "IPS: Top Blocked Attacks"
I can figure out the host inside that tried to send the packet out…