This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS not blocking some attacks

We have a client that is getting hit with a bunch of random attacks lately. They have Symantec Endpoint Protection installed and are getting a ton of popups.

One example is: PHP CGI CVE-2012-1823

Another is Web Attack: Muieblackcat Scanner Request

I have everything enabled under IPS under the Attack Patterns tab but I do not see anywhere to block this specific attack. Is there a way to add these in?

Thanks!

This thread was automatically locked due to age.

Parents

0 darrellr over 6 years ago

Being such an old attack (2012 according to the CVE) the recommended settings would not be triggered anyway. I would not depend on the UTM for ALL IDS/IPS needs, if you need to be alerted to scanning attempts for very old stuff like that. I would offload to a standalone IDS/IPS instead.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 darrellr over 6 years ago

Being such an old attack (2012 according to the CVE) the recommended settings would not be triggered anyway. I would not depend on the UTM for ALL IDS/IPS needs, if you need to be alerted to scanning attempts for very old stuff like that. I would offload to a standalone IDS/IPS instead.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data