Our old Sophos UTM is definitely a bit on the "too small" side by now, but still, we're trying to get things running for at least an extra year or so. Right now we occasionally have issues with the UTM CPU usage going up to 100%, to the point where the…
First alert we had from rule SID 20842 was on 23 Nov at 17:39 GMT. Since then have had 230 alerts to around 50 different Windows 10 hosts, all this rule, 29 different IP source addresses, all source port 80, various destination ports.
Looking up the…
Hi all. I have a custom built router using a Gigabyte J1900N-D3V board. To cut it short, inter-VLAN traffic is limited to about 200mbit, but the CPU utilization only ever hits ~30%. Of course standard snort does not take advantage of the multiple cores…
Hi,
I am trying to run speedtests via speedtest_cli on one of my boxes to regularly check the actually available speed my ISP provides.
Now the download speed is limited by my Sophos UTM box (9.510-4) by snort going to 100%. If I turn off IPS I…
Hello all,
Do you know if Sophos will protect our network from the APT10 Operation Cloud Hopper Malware threat? (link points to pdf document about the malware) https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwjZs_udk9vUAhWF0RoKHbxIDqoQFggxMAI&url…
Hello,
I updated the firmware of my UTM virtual appliance to 9.408-4 4 days ago. Today I got an email which reads as follows:
Snort not running - restarted
--
HA Status : HA MASTER (node id: 1)
System Uptime : 3 days 5 hours 47 minutes
System…
Hi,
For the last month or two, I've been getting IPS alerts for
EXPLOIT-KIT Angler exploit kit news uri structure https://www.snort.org/search?query=38439
every time someone visits a certain site (backchina.com) as well as while I'm surfing misc…
Does anyone know what version of Snort the IPS uses? Snort/Cisco just had a vulnerability posted: http://www.theregister.co.uk/2016/03/31/cisco_snort_scramble_to_plug_malware_hole/
Just wondering if the UTMs are exposed as well?
Hello,
I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability. We have a couple of servers susceptible to the attack and it would be nice to first block the attack at…
Hello,
I was wondering if snort does some correlations?
I mean something like: don't alert if the rule A has matched, but only alert if the rule A has matched and then the rule B has also matched.
Is Sophos able to do that, or does it only match…