رد مع اقتباساخى الكريم هل تقصد ان هناك attacks تحدث على ال FortiGate الخاص بك ام ماذا على العموم ان كان هذا شىء متكرر يمكنك استشارة الvendor الذى قمت بشراء الجهاز منه لان هذا سيفيدك اكثر
لخبراء IPS
السلام عليكم
باختصار شديد انا اعاني من IPS attack , و الرسالة التي تظهر لي باستمرار هي:
netbios: SMB.TreeConn.AndX.Deny.445
لابد من ذكر انني استخدم FortiGate و الattack يتجه من سرفر لاخر
أريد أن أعرف سببه و كيفية ايقافه..
شكرااااااا...
اخى الكريم هل تقصد ان هناك attacks تحدث على ال FortiGate الخاص بك ام ماذا على العموم ان كان هذا شىء متكرر يمكنك استشارة الvendor الذى قمت بشراء الجهاز منه لان هذا سيفيدك اكثر
Knowledge is belong to human
لا , الattack يحدث ما بين server & another server موجودين في 2 VLAN مختلفين , و log file يبين حدوثه مرااااااااات كثيرة خلال اليوم الواحد...!!
و الان يوجد attack اخر:
misc: Firewall-1.UDP.Port.Zero.DoS
شكرا جزيلا اخي.
انا اريد ان افهم شىء هل ال attack يحدث مباشرة على ال IPS الخاص بك ام ان ال IPS لا يشعر بهذه ال attack ؟ ام ان ال traffic لا يمر به اصلا ؟ ارجو التوضيح
Knowledge is belong to human
please let me write in english becose of my bad Aarabic Typing.
The attackes are going from one server to another, the two servers are in different VLANs (networs) so that the FortiGate catches it and show it in the Log File.
The FortiGate is a firewall with AntiVirus , AntiSPAM and IPS filters.
When it catches something (IPS-Virus-...etc) it tells me and it also can send emails.
The problem is not where the attaches coming from or where it is catched, all i want to know is: what dose these attckes do, or what dose it mean.
misc: Firewall-1.UDP.Port.Zero.DoS
netbios: SMB.TreeConn.AndX.Deny.445
anyway, dont buther your self with it, it didnt pass through my network
Thank you very much.
Regards
Mahmoud
that is great
look man about the first attack which is
misc: Firewall-1.UDP.Port.Zero.DoS
indicates that Denial-of-Service (DoS) vulnerability in Check Point Software
affected products are :
Check Point Software Firewall-1 versions 3.0 and 4.0
to protect ur self simply update and applay patches to your system
--------------------------------------------------------------------------------------------
for the second attack
netbios: SMB.TreeConn.AndX.Deny.445
it was simply a brute force attack on you system
HTH
Knowledge is belong to human
رد: لخبراء IPS
--------------------------------------------------------------------------------
that is great
look man about the first attack which is
misc: Firewall-1.UDP.Port.Zero.DoS
indicates that Denial-of-Service (DoS) vulnerability in Check Point Software
affected products are :
Check Point Software Firewall-1 versions 3.0 and 4.0
to protect ur self simply update and applay patches to your system
BUT MAN, I DONT HAVE A CHECK POINT BOX OVER HERE?!?!?!
HOW DID YOU KNOW THAT THIS IS AN ATTACK TO THE CHECK POINT APPLIANCE?!
--------------------------------------------------------------------------------------------
for the second attack
netbios: SMB.TreeConn.AndX.Deny.445
it was simply a brute force attack on you system
SIMPLY KIDA YA3NY 3ADY YA3NY?!?!??!
HOW DID YOU KNOW THAT IT IS A BRUTE FORCE ATTACK???
HTH
WHAT IS hth ?!?!
MANY Q.s , HuH?
THANKS MAN.
HTH == Hope That Helps
Knowledge is belong to human
okz, many thanks , dear. Mahnmoud
ضوابط المشاركة
المفضلات