Intrusion Prevention Alert - The packet has *not* been dropped

Ok, so how specifically do I 'set the corresponding intrusion protection rule to "drop" in WebAdmin', per the alert email I received (below)?

  • There is no 'rule' identified in the alert. Am I supposed to infer that 58442 in the snort link is the rule ID?
    • (btw, the snort link returns no search results)
  • All the rules checked under Network Protection > Intrusion Prevention > Attack Patterns are already set to 'Drop'.
  • Do I go to Network Protection > Intrusion Prevention > Advanced > Manual Rule Modification and add 58442 as 'Drop'? 
    • If so, why did setting all Attack Patterns as 'Drop' not also set this rule to 'Drop'?
    • Also, is there a list of all these rules somewhere in Webadmin?

Intrusion Prevention Alert

An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.

Details about the intrusion alert:

Message........: SERVER-OTHER Cisco ASA and FTD denial of service attempt
Details........: www.snort.org/search
Time...........: 2021-11-06 18:49:23
Packet dropped.: no
Priority.......: medium
Classification.: Attempted Denial of Service
IP protocol....: 6 (TCP)
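As an added example (not code from this thread or from Sophos), here is a small Python parser for the alert block quoted above. It reads the `Name.....: value` fields into a dictionary, copes with two fields having been run together on one line (as happened to Classification and IP protocol in the copy above), reports whether the packet was dropped, and tries to pull a Snort SID out of the Details URL. The field names are the seven that appear in the quoted alert; the idea that a rule ID may show up as a run of digits in that URL is an assumption of mine, and the sample alert in the block is constructed from the quoted one.

```python
import re
from typing import Dict, Optional

# Constructed sample, modelled on the alert quoted in the thread (not a real capture).
# The Classification/IP protocol line is deliberately run together, as in the thread.
SAMPLE_ALERT = """Intrusion Prevention Alert

An intrusion has been detected. The packet has *not* been dropped.

Details about the intrusion alert:

Message........: SERVER-OTHER Cisco ASA and FTD denial of service attempt
Details........: www.snort.org/search
Time...........: 2021-11-06 18:49:23
Packet dropped.: no
Priority.......: medium
Classification.: Attempted Denial of Service IP protocol....: 6 (TCP)
"""

# Field names taken from the quoted alert. Extend this tuple if your alerts carry
# more fields; matching is done by name, so order does not matter.
KNOWN_FIELDS = (
    "Message", "Details", "Time", "Packet dropped",
    "Priority", "Classification", "IP protocol",
)

# A field marker is the name, one or more padding dots, and a colon, e.g.
# "Message........:" or "Packet dropped.:" (a single dot when the name fills the column).
MARKER_RE = re.compile(
    r"(?P<key>" + "|".join(re.escape(k) for k in KNOWN_FIELDS) + r")\.+:"
)

# Assumption: if the Details link ever carries a rule ID, it is a bare run of
# 4-7 digits (e.g. ".../1-58442"). "www.snort.org/search" has none, so we get None.
SID_RE = re.compile(r"(?<![\d.])(\d{4,7})(?![\d.])")


def parse_alert(body: str) -> Dict[str, str]:
    """Parse the 'Details about the intrusion alert' block into a dict.

    Each line may hold several markers; the value of a field is the text between
    the end of its marker and the start of the next marker on the same line, so
    a line like 'Classification.: X IP protocol....: Y' yields both fields.
    """
    fields: Dict[str, str] = {}
    for line in body.splitlines():
        markers = list(MARKER_RE.finditer(line))
        for i, m in enumerate(markers):
            end = markers[i + 1].start() if i + 1 < len(markers) else len(line)
            fields[m.group("key")] = line[m.end():end].strip()
    return fields


def packet_was_dropped(fields: Dict[str, str]) -> bool:
    """True only if the alert explicitly says the packet was dropped."""
    return fields.get("Packet dropped", "").strip().lower() == "yes"


def extract_sid(fields: Dict[str, str]) -> Optional[str]:
    """Best-effort Snort SID from the Details URL; None if the link carries none."""
    m = SID_RE.search(fields.get("Details", ""))
    return m.group(1) if m else None


def triage(body: str) -> Dict[str, object]:
    """Summarise one alert: what fired, whether it was only logged, and the SID if known."""
    fields = parse_alert(body)
    return {
        "message": fields.get("Message", ""),
        "classification": fields.get("Classification", ""),
        "protocol": fields.get("IP protocol", ""),
        "dropped": packet_was_dropped(fields),
        "sid": extract_sid(fields),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_ALERT)
    for k, v in summary.items():
        print(f"{k:15}: {v}")
    if not summary["dropped"] and summary["sid"] is None:
        print("alert-only and no rule ID in the link: look the Message up to find the SID")
```

When the link in the Details field does not identify the rule, as in the quoted alert, `extract_sid` returns `None` and the alert text alone does not tell you which rule ID to enter under Manual Rule Modification; the rule has to be looked up by its message text.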



  • Found this. UTM Help says:

    Note – To change the settings for individual IPS rules, use the Modified Rules box on the Intrusion Prevention > Advanced tab. A detailed list of IPS rules used in Sophos UTM 9 is available at the Sophos webserver.

     However, that link (http://www.astaro.com/lists) returns a bad page:

    This XML file does not appear to have any style information associated with it. The document tree is shown below.
    <Error>
    <Code>AccessDenied</Code>
    <Message>Access Denied</Message>
    <RequestId>NX73ZX6Y43T3HA2P</RequestId>
    <HostId>vsHkrK+E6+xcAdEgihtWn04aXsW/aXZgpwWF4uXghHfExtE+xEZn53zDEoAIpZCfEa/5l0z4ZdY=</HostId>
    </Error>

  • To follow up, the problem with the bad URL was partially also due to browser type:

    - Brave browser redirected incorrectly to: https://lists.astaro.com// (ending in double-slash)

    - Chrome browser redirected correctly to https://lists.astaro.com/ (ending in single-slash)
