BarryG
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 12,060
#2, 02-12-2012, 06:51 PM

I'm not seeing those alerts in my IPS log at home (ASG 7.510), but I am seeing lots of:

Code:
2012:02:11-21:07:28 fw snort[8512]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="DNS TCP inverse query" group="241" srcip="192.168.101.13" dstip="192.168.101.1" proto="6" srcport="56965" dstport="53" sid="2922" class="Attempted Information Leak" priority="2"  generator="1" msgid="0"
192.168.101.13 is my main PC (WinXP SP3)
and
192.168.101.1 is Astaro

Barry
__________________
http://BlogSec.net
http://JobOyster.com
http://DealBert.net
IT Consultant specializing in high-performance Web Infrastructure and Security.
Astaro End-user since v1.x
  • ASL 9.2x, HP DL360G5 - FW, IPS, VPNs
  • ASL 9.2x, 2 Dell 1950's as WAF/proxy w HA
  • UTM 9.1x, Atom n270, 2GB RAM, 2 Intel GigE
    Netgear GS108T gigE switch & Astaro AP30 Access Point with 4 VLANs.
    60/60mbit FiOS internet.
  • Pending - UTM 9.2x, i5-4670, 4GB RAM, 2 Intel GigE
    Needs new NIC drivers before deploying
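Added example, not part of the original post: a small parser for IPS log lines in the format quoted above, which groups repeated alerts by rule and endpoint so the source of a noisy alert is visible at a glance. The first sample line is the one from the post; the other sample lines and the function names are constructed for this example.

```python
import re
from collections import Counter
from datetime import datetime

# "<timestamp> <host> <process>[<pid>]: key="value" ..." as seen in the quoted line.
HEADER = re.compile(r'^(\d{4}:\d\d:\d\d-\d\d:\d\d:\d\d) (\S+) ([\w-]+)\[(\d+)\]: (.*)$')
FIELD = re.compile(r'(\w+)="([^"]*)"')
KEY = ("sid", "reason", "srcip", "dstip", "dstport", "action")

def parse_line(line):
    """Return the fields of one IPS alert line as a dict, or None for other lines."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ts, host, proc, pid, rest = m.groups()
    rec = dict(FIELD.findall(rest))
    if rec.get("sub") != "ips":  # skip lines from other subsystems
        return None
    rec.update(time=datetime.strptime(ts, "%Y:%m:%d-%H:%M:%S"),
               host=host, proc=proc, pid=int(pid))
    return rec

def summarize(lines):
    """Count alerts per (sid, reason, srcip, dstip, dstport, action)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[tuple(rec.get(k, "") for k in KEY)] += 1
    return counts

# Line quoted in the post.
POST_LINE = ('2012:02:11-21:07:28 fw snort[8512]: id="2101" severity="warn" sys="SecureNet" '
             'sub="ips" name="Intrusion protection alert" action="drop" '
             'reason="DNS TCP inverse query" group="241" srcip="192.168.101.13" '
             'dstip="192.168.101.1" proto="6" srcport="56965" dstport="53" sid="2922" '
             'class="Attempted Information Leak" priority="2"  generator="1" msgid="0"')
# Constructed variations (different time and source port) plus one constructed non-IPS line.
SAMPLE = [
    POST_LINE,
    POST_LINE.replace("21:07:28", "21:07:41").replace('srcport="56965"', 'srcport="56970"'),
    POST_LINE.replace("21:07:28", "21:08:02").replace('srcport="56965"', 'srcport="56981"'),
    '2012:02:11-21:09:00 fw exampled[100]: constructed line from another daemon',
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, dict(zip(KEY, key)))
```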