Astaro User Bulletin Board
Go Back   Astaro User Bulletin Board > Closed Forums (read only) > ASG V7.500 BETA (closed)
Reload this Page [7.460][BUG][FIXED] IPS doesn't block
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Welcome to the Astaro User Bulletin Board.
If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 07-04-2009, 10:21 PM
Super Moderator
  
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 857
Default [7.406][bug]IPS doesn't block
Hi All

I specifically set IPS to block id 2101 (pic attached) but I just got an alert instead of blocked on my IPS

Code:
2009:07:04-22:10:15 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="47115" sid="0" class="" priority="3" generator="129" msgid="1"
2009:07:04-22:10:16 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="47115" sid="0" class="" priority="3" generator="129" msgid="1"
...........
2009:07:04-22:50:18 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="213.199.149.156" dstip="86.164.253.43" proto="6" srcport="80" dstport="54584" sid="0" class="" priority="3" generator="129" msgid="1"
2009:07:04-22:50:38 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="60115" sid="0" class="" priority="3" generator="129" msgid="1"
2009:07:04-22:50:39 stuffman snort[31805]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="TCP Timestamp is outside of PAWS window" group="0" srcip="218.213.238.230" dstip="86.164.253.43" proto="6" srcport="80" dstport="60115" sid="0" class="" priority="3" generator="129" msgid="1"
Attached Images
File Type: png id 2101.png (15.4 KB, 16 views)
__________________

Running Astaro ASG virtual appliance | Home power user 100 IP license
Intel Dual Core 2.4GHz (800MHz) | 4GB (2 x 2GB) PC2-6400 800Mhz 5-5-5-18 | WD 160GB |3 x Intel Pro/1000
Last edited by wingman; 07-04-2009 at 10:52 PM.
  #2 (permalink)  
Old 07-04-2009, 10:22 PM
 
Join Date: Jun 2009
Posts: 0
Default
Code:
Astaro Beta Report
--------------------------------
Version: 7.460
Type: BUG
State: FIXED
Reporter: wingman
Contributor: 
MantisID: 0010820
--------------------------------
Last edited by andyk007; 09-25-2009 at 03:02 PM.
  #3 (permalink)  
Old 07-06-2009, 09:43 AM
Wizard
  
Join Date: Dec 2006
Posts: 653
Default
thanks for this hint ;-) I forwarded it to our R&D team

Greetings
Andreas
  #4 (permalink)  
Old 08-24-2009, 12:45 PM
RFCat_vk's Avatar
Wizard
  
Join Date: Aug 2005
Location: Victoria, Australia
Posts: 2,533
Default [7.480][BUG] supposedly blocked IM/P2P still gets through
Hi,
it used to be "tencent qq" which was the one I first reported, but it was only the odd packet or 2.
Tonight, 2 connections with gnutela.

Ian M
Attached Images
File Type: jpg supposed to be blocked.JPG (24.4 KB, 5 views)
__________________
Home Power User unlimited licence - v7.50x - AMD X2 5050e with 2gb,1 intel NIC, the onboard NIC and netgear gs108t with vlans.
  #5 (permalink)  
Old 09-03-2009, 10:36 PM
Super Moderator
  
Join Date: Feb 2009
Location: In a galaxy far far away
Posts: 857
Default
Quote:
Originally Posted by RFCat_vk View Post
Hi,
it used to be "tencent qq" which was the one I first reported, but it was only the odd packet or 2.
Tonight, 2 connections with gnutela.

Ian M
same issue on 7.490
__________________

Running Astaro ASG virtual appliance | Home power user 100 IP license
Intel Dual Core 2.4GHz (800MHz) | 4GB (2 x 2GB) PC2-6400 800Mhz 5-5-5-18 | WD 160GB |3 x Intel Pro/1000
  #6 (permalink)  
Old 09-25-2009, 03:02 PM
Wizard
  
Join Date: Dec 2006
Posts: 653
Default
fixed in GA release
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT. The time now is 08:55 AM.

 
Contact Us - Astaro User Bulletin Board - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.


These pages are specifically maintained for the discussion of firewall issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases. issues within the Open Source community, and might already reflect new alpha/beta releases under development. Please refer to our product specifications for the functionality of the actual release. Discussions of new/enhanced functionality does not constitute a commitment of Astaro, to integrate this functionality into future releases.