
Sophos XG identifies WireGuard VPN as NTP.

Hi,

Seriously, how is this even possible?

How to replicate this:

  1. Run a WireGuard VPN (Server) over UDP/123.

Can we please get a signature update for it?

Thanks!



This thread was automatically locked due to age.
  • I would suspect that the XG does not investigate the packets correctly. 90% of my NTP is classified as UDP 123, not reported as NTP. Also there are other intermittent mis-analysis because Apple access is occasionally called a VPN tunnel along with intermittent mail access being reported as an attack on a MS mail server (external).

    Ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.
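
An added illustration, not part of the original thread and not a description of how Sophos XG's application signatures work: a payload-based check that tells WireGuard from NTP on UDP/123 instead of trusting the port. It relies on the published WireGuard message layout (one type byte, three zero bytes, fixed handshake sizes) and the NTP header (version and mode bits in the first byte, at least 48 bytes); the function name and the sample packets are constructed for the example.

```python
# WireGuard message types with a fixed total size in bytes.
# 1 = handshake initiation, 2 = handshake response, 3 = cookie reply.
WG_FIXED_SIZES = {1: 148, 2: 92, 3: 64}
WG_TRANSPORT = 4  # transport data, variable length


def classify_udp123(payload: bytes) -> str:
    """Label a UDP/123 payload 'wireguard', 'ntp' or 'unknown' from its bytes."""
    if len(payload) >= 4 and payload[1:4] == b"\x00\x00\x00":
        msg_type = payload[0]
        if WG_FIXED_SIZES.get(msg_type) == len(payload):
            return "wireguard"
        # Transport data: 16-byte header, ciphertext padded to a multiple
        # of 16 bytes, 16-byte authentication tag (a keepalive is 32 bytes).
        if msg_type == WG_TRANSPORT and len(payload) >= 32 and len(payload) % 16 == 0:
            return "wireguard"

    if len(payload) >= 48:
        version = (payload[0] >> 3) & 0x7  # NTP VN field
        mode = payload[0] & 0x7            # NTP Mode field
        # WireGuard type bytes 1..4 decode as VN=0, which is not a valid
        # NTP version, so the two formats do not overlap here.
        if 1 <= version <= 4 and 1 <= mode <= 5:
            return "ntp"

    return "unknown"


# Constructed sample payloads (bodies are zero-filled placeholders).
SAMPLES = {
    "ntp_v4_client": b"\x23" + bytes(47),               # LI=0, VN=4, Mode=3
    "ntp_v3_server": b"\x1c" + bytes(47),               # LI=0, VN=3, Mode=4
    "wg_initiation": b"\x01\x00\x00\x00" + bytes(144),  # 148 bytes
    "wg_response": b"\x02\x00\x00\x00" + bytes(88),     # 92 bytes
    "wg_keepalive": b"\x04\x00\x00\x00" + bytes(28),    # 32 bytes
    "wg_data_48": b"\x04\x00\x00\x00" + bytes(44),      # same size as NTP
    "all_zero_48": bytes(48),                           # neither format
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15s} len={len(pkt):3d} -> {classify_udp123(pkt)}")
```
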
