
Intrusion Prevention Alert - The packet has *not* been dropped

Ok, so how specifically do I 'set the corresponding intrusion protection rule to "drop" in WebAdmin' per the alert email below I received?

  • There is no 'rule' identified in the alert. Am I supposed to infer that 58442 in the snort link is the rule ID?
    • (btw, the snort link returns no search results)
  • All the rules checked under Network Protection > Intrusion Prevention > Attack Patterns are already set to 'Drop'.
  • Do I go to Network Protection > Intrusion Prevention > Advanced > Manual Rule Modification and add 58442 as 'Drop'? 
    • If so, why did setting all Attack Patterns as 'Drop' not also set this rule to 'Drop'?
    • Also, is there a list of all these rules somewhere in WebAdmin?

Intrusion Prevention Alert

An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.

Details about the intrusion alert:

Message........: SERVER-OTHER Cisco ASA and FTD denial of service attempt
Details........: www.snort.org/search
Time...........: 2021-11-06 18:49:23
Packet dropped.: no
Priority.......: medium
Classification.: Attempted Denial of Service
IP protocol....: 6 (TCP)



This thread was automatically locked due to age.