
IPS blocks - False Positive

Hello everyone!

IPS blocks many services like Steam etc.
In the log file I always find these two rules:


2013:10:01-21:58:09 ******X-1 snort[8259]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="FILE-OTHER Multiple products ZIP archive virus detection bypass attempt" group="500" srcip="23.0.174.48" dstip="192.***.***.***" proto="6" srcport="80" dstport="58919" sid="26926" class="Potentially Bad Traffic" priority="2" generator="1" msgid="0"

2013:10:01-21:58:23 ******X-1 snort[8259]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="FILE-OTHER Multiple products ZIP archive virus detection bypass attempt" group="500" srcip="23.0.174.48" dstip="192.***.***.***" proto="6" srcport="80" dstport="58919" sid="26989" class="Potentially Bad Traffic" priority="2" generator="1" msgid="0" 
 
 


If I disable these two rules, everything works fine! But what are these two rules?
And why must I constantly exclude any rules?


This thread was automatically locked due to age.