|
Moderator
|
Join Date: Jul 2001
Location: southern California
Posts: 8,639
|
|
02-12-2012, 06:51 PM
I'm not seeing those alerts in my ips log at home (ASG 7.510), but I am seeing lots of:
Code:
2012:02:11-21:07:28 fw snort[8512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="DNS TCP inverse query" group="241" srcip="192.168.101.13" dstip="192.168.101.1" proto="6" srcport="56965" dstport="53" sid="2922" class="Attempted Information Leak" priority="2" generator="1" msgid="0"
192.168.101.13 is my main PC (WinXP SP3)
and
192.168.101.1 is Astaro
Barry
__________________
http://JobOyster.com
http://DealBert.net
End-user since v1.x - ASL 8.3x, HP DL145, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
- ASL 7.5x, HP DL360G5, Xeon 5160, 3GB, RAID, gigE NICs, 50-IP Platinum License
- ASL 9.0x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD.
Netgear GS108T gigE VLAN switch & Astaro AP30 Access Point with VLANs.
100-IP Home Power User License. 15/5mbit FiOS internet.
|