
Intrusion protection alert SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt

Hello,

Our Sophos UTM 9 (latest firmware 9.713-19) started to block backups of certain systems that always worked before.

2023:01:16-21:05:07 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt" group="500" srcip="SERVER1" dstip="FILESERVER" proto="6" srcport="59857" dstport="445" sid="60967" class="Attempted Denial of Service" priority="2" generator="1" msgid="0"

This is the only thing I can see in the logs. These backups have always worked before, but now the firewall keeps blocking them.

There is no information as to what is being blocked, and I have found nothing about TRUFFLEHUNTER on the internet. I have also not found this rule ID on the Snort website.

Does anybody have any idea what is causing this? Could this be a false positive? The destination is always a fileserver; could it be a file on the fileserver? Is there a way to find out more details as to what exactly is being blocked?
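Added example, not part of the original post and not Sophos code: a small Python triage script that parses IPS lines in the key="value" format of the log entry above and counts drops per rule and flow, which shows exactly which sid and which source/destination pair an investigation or a scoped exception would concern. The first sample line is the one from the post; the other two are constructed.

```python
import re
from collections import Counter

# Fields in the IPS log are key="value" pairs after the syslog-style prefix.
KV = re.compile(r'(\w+)="([^"]*)"')
PREFIX = re.compile(r'^(\S+)\s+(\S+)\s+snort\[\d+\]:')

def parse_ips_line(line):
    """Return a dict of fields for a snort IPS line, or None for any other line."""
    m = PREFIX.match(line)
    if not m:
        return None
    event = dict(KV.findall(line))
    if event.get("sub") != "ips":
        return None
    event["time"], event["host"] = m.group(1), m.group(2)
    return event

def summarize_drops(lines):
    """Count dropped flows per (sid, reason, srcip, dstip, dstport)."""
    counts = Counter()
    for line in lines:
        ev = parse_ips_line(line)
        if ev and ev.get("action") == "drop":
            key = tuple(ev.get(k) for k in ("sid", "reason", "srcip", "dstip", "dstport"))
            counts[key] += 1
    return counts

SAMPLE = [
    # Line quoted in the post.
    '2023:01:16-21:05:07 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt" group="500" srcip="SERVER1" dstip="FILESERVER" proto="6" srcport="59857" dstport="445" sid="60967" class="Attempted Denial of Service" priority="2" generator="1" msgid="0"',
    # Constructed: same flow, later timestamp and different source port.
    '2023:01:16-21:05:09 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt" group="500" srcip="SERVER1" dstip="FILESERVER" proto="6" srcport="59858" dstport="445" sid="60967" class="Attempted Denial of Service" priority="2" generator="1" msgid="0"',
    # Constructed: a line from another process, which must be ignored.
    '2023:01:16-21:05:10 fwname otherd[100]: constructed non-IPS line',
]

if __name__ == "__main__":
    for (sid, reason, src, dst, port), n in summarize_drops(SAMPLE).most_common():
        print(f"{n:4d}  sid={sid}  {src} -> {dst}:{port}  {reason}")
```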


