This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

prevent permanent IDS Alarming

Hello

I use a SG135 Firewall whichs works good, except I receive permanent IDS Low Attack from one specific host (see below) but even i put a block rule oder set the IDS to reject the packets the alarm comes again and again

How can i block the host permanently?

Intrusion Prevention Alert

An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future,
set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.

Details about the intrusion alert:

Message........: PUA-OTHER Known unwanted User-Agent string - PetalBot
Details........: https://www.snort.org/search?query=57634
Time...........: 2021-06-07 12:29:43
Packet dropped.: no
Priority.......: low
Classification.: Misc activity
IP protocol....: 6 (TCP)

Source IP address: 114.119.150.186 (petalbot-114-119-150-186.petalsearch.com)
Source port: 31770
Destination IP address: 192.168.1.80 
Destination port: 80 (http)
-- System Uptime : 14 days 0 hours 18 minutes System Load : 2.51 System Version : Sophos UTM 9.705-7 Please refer to the manual for detailed instructions.


This thread was automatically locked due to age.