Hello all,
since today the IPS has some strange detections and I receive periodically the notifications, until now approx. 130.
Unfortunately I can't figure out what the problem is.
---
Subject: [GQDN Gateway][WARN-850] Intrusion Prevention Alert
Intrusion Prevention Alert
Details about the intrusion alert:
Message........: ICMP Microsoft remote unauthenticated DoS/bugcheck vulnerability
Details........: Snort ::
Time...........: 2012:05:21-16:02:07
Packet dropped.: no
Priority.......: medium
Classification.: Attempted Denial of Service
IP protocol....: 1 (ICMP)
Source IP address: ***.***.***.1 (gateway)
Source port: 0
Destination IP address: ***.***.***.201 (FQDN Server)
Destination port: 0
---
System Version is 8.302.
I receive this notifacations for two server ***.***.***.200 and .201. Both servers are configured as DC and DNS.
Why the Astaro is initiating such requestes on Port 0?
Thoughts, comments, solutions are much appreciated.
Many thanks.
PSyc
since today the IPS has some strange detections and I receive periodically the notifications, until now approx. 130.
Unfortunately I can't figure out what the problem is.
---
Subject: [GQDN Gateway][WARN-850] Intrusion Prevention Alert
Intrusion Prevention Alert
Details about the intrusion alert:
Message........: ICMP Microsoft remote unauthenticated DoS/bugcheck vulnerability
Details........: Snort ::
Time...........: 2012:05:21-16:02:07
Packet dropped.: no
Priority.......: medium
Classification.: Attempted Denial of Service
IP protocol....: 1 (ICMP)
Source IP address: ***.***.***.1 (gateway)
Source port: 0
Destination IP address: ***.***.***.201 (FQDN Server)
Destination port: 0
---
System Version is 8.302.
I receive this notifacations for two server ***.***.***.200 and .201. Both servers are configured as DC and DNS.
Why the Astaro is initiating such requestes on Port 0?
Thoughts, comments, solutions are much appreciated.
Many thanks.
PSyc