
cacert-de - Warning messages when accessing svn.cacert.org

Subject: German-language CAcert support list


Warning messages when accessing svn.cacert.org


  • From: Juergen Bruckner <jbruckner AT cacert.org>
  • To: cacert-de AT lists.cacert.org, cacert-support AT lists.cacert.org
  • Subject: Warning messages when accessing svn.cacert.org
  • Date: Mon, 09 Sep 2013 14:20:21 +0200

I am deliberately writing to both the support list and the de list.


Hi everyone!

Can any of you make sense of this?
To me, these alerts look very much like false positives.

-------- Original Message --------
Subject: [astaro.vlan2.####.net][WARN-852] Intrusion Prevention Alert
(Packet dropped)
Date: Mon, 9 Sep 2013 09:32:41 +0200
From: Firewall Notification System
<do-not-reply AT fw-notify.net>
To: <anonymous>


Intrusion Prevention Alert

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: FILE-OTHER Multiple products ZIP archive virus
detection bypass attempt
Details........: http://www.snort.org/search/sid/26989?r=1
Time...........: 2013-09-09 09:32:41
Packet dropped.: yes
Priority.......: medium
Classification.: Potentially Bad Traffic
IP protocol....: 6 (TCP)

Source IP address: 213.154.225.238 (oophaga-11.colo.bit.nl)
- http://www.dnsstuff.com/tools/ptr.ch?ip=213.154.225.238
- http://www.ripe.net/perl/whois?query=213.154.225.238
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=213.154.225.238
- http://cgi.apnic.net/apnic-bin/whois.pl?search=213.154.225.238
Source port: 80 (http)
Destination IP address: 91.118.##.## (###.####.net)
- http://www.dnsstuff.com/tools/ptr.ch?ip=91.118.##.##
- http://www.ripe.net/perl/whois?query=91.118.##.##
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=91.118.##.##
- http://cgi.apnic.net/apnic-bin/whois.pl?search=91.118.##.##
Destination port: 37855

--
System Uptime : 18 days 10 hours 28 minutes
System Load : 0.17
System Version : Sophos UTM 9.105-9

Please refer to the manual for detailed instructions.

###


-------- Original Message --------
Subject: [astaro.vlan2.####.net][CRIT-852] Intrusion Prevention Alert
(Packet dropped)
Date: Mon, 9 Sep 2013 09:43:54 +0200
From: Firewall Notification System
<do-not-reply AT fw-notify.net>
To: <anonymous>


Intrusion Prevention Alert

An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule between "drop" and "alert only" in WebAdmin.

Details about the intrusion alert:

Message........: FILE-PDF Foxit Reader title overflow attempt
Details........: http://www.snort.org/search/sid/20445?r=1
Time...........: 2013-09-09 09:43:54
Packet dropped.: yes
Priority.......: high
Classification.: Attempted User Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 213.154.225.238 (oophaga-11.colo.bit.nl)
- http://www.dnsstuff.com/tools/ptr.ch?ip=213.154.225.238
- http://www.ripe.net/perl/whois?query=213.154.225.238
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=213.154.225.238
- http://cgi.apnic.net/apnic-bin/whois.pl?search=213.154.225.238
Source port: 80 (http)
Destination IP address: 91.118.##.## (###.####.net)
- http://www.dnsstuff.com/tools/ptr.ch?ip=91.118.##.##
- http://www.ripe.net/perl/whois?query=91.118.##.##
- http://ws.arin.net/cgi-bin/whois.pl?queryinput=91.118.##.##
- http://cgi.apnic.net/apnic-bin/whois.pl?search=91.118.##.##
Destination port: 33667

--
System Uptime : 18 days 10 hours 40 minutes
System Load : 0.14
System Version : Sophos UTM 9.105-9

Please refer to the manual for detailed instructions.


Regards,
Jürgen

Attachment: smime.p7s
Description: S/MIME cryptographic signature


