Hi ,
That's the only thing what i have in my IPS log:
(what is the newest pattern file ? i got 203539. i supect, that the firewall also stopped the autom. downloading
where can i download those files manual?)
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
2021:09:14-19:26:22 matrix snort[17913]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
2021:09:14-19:26:22 matrix snort[17913]: Commencing packet processing (pid=17913)
2021:09:14-19:26:22 matrix snort[17913]: Decoding Raw IP4
on the other side i get bombarded with this:
14-Sep-2021 19:04:35.780 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:37.348 client @0x7fd05c015a78 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:37.500 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:39.788 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:40.364 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:40.628 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:41.860 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:44.396 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:44.852 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:45.204 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:45.304 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:45.444 client @0x7fd050000cc8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:48.103 client @0x7fd050005088 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:49.523 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:49.639 client @0x7fd050005088 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:49.839 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
14-Sep-2021 19:04:51.667 client @0x7fd05c0104c8 81.108.32.209#80 (pizzaseo.com): query (cache) 'pizzaseo.com/RRSIG/IN' denied
so what's wrong with the IPS, that should be block via IPS !
This thread was automatically locked due to age.
