Page 3 of 3 FirstFirst 123
Results 21 to 24 of 24
  1. #21
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,118

    Default

    your graph isn't quite as damning, since you have many timeslots in the graph with no detections/blocks. if you set a more stuff to log or block it would show the hourly update outage much more clearly.

  2. #22
    Master Untangler
    Join Date
    May 2008
    Posts
    924

    Default

    Since you are seeing it once an hour it is probably run by a cron. Find it and close port 25 and reopen it after the process finishes? Any legitimate attempt will retry soon. The bad stuff will probably too but oh well.

  3. #23
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,118

    Default

    well I'm not really worried about this "ylmf-pc" attack actually doing anything to me - it's an SMTP AUTH attack, and I've disabled that on the mail server; also, 90% or more of the hosts in the botnet running this attack have no reverse DNS record, so the mail server refuses to talk to them anyway (that's what the log entries are referring to). so I don't actually care that this specific traffic is being allowed in for a couple of minutes every hour.

    but the fact that IPS goes offline and allows ALL traffic to pass undetected and unblocked for a couple of minutes, 24 times a day, should be alarming to every untangle user who expects IPS to do what it's supposed to do. What if you are using IPS to detect real intrusions, or block real attacks?

    Is it really ok that it flat out doesn't work 3 to 5 percent of the day?
    donhwyo likes this.

  4. #24
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,118

    Default

    just for the record, for anyone who ever reads this, everything in this thread is all fixed as of Untangle 14.1.1.

    end thread.

Page 3 of 3 FirstFirst 123

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2