Results 1 to 6 of 6
  1. #1
    Untangler
    Join Date
    Dec 2018
    Posts
    89

    Default Laptop keeps getting blocked by IPS for "UT Possible TCP DoS" when trying to log?

    This was working fine until recently but now in Chrome I keep getting blocked by the IPS when attempting to log in.

    Any ideas?



    192.168.1.105 is my laptop and 192.168.1.1 is the router.
    DoS.JPG
    Last edited by jlficken; 01-11-2019 at 08:10 PM.

  2. #2
    Untangler
    Join Date
    Dec 2018
    Posts
    89

    Default

    IE started doing it to.

    Rebooting the router fixed it for both browsers. It had only been up for a little under 3 days so that's a little concerning



    ETA: Disregard as the issue came back basically immediately.
    Last edited by jlficken; 01-11-2019 at 07:34 PM.

  3. #3
    Untangler
    Join Date
    Dec 2018
    Posts
    89

    Default

    I wound up copying the "High Priority" rule in IPS and removing the attempted-dos category.

    Could there be a problem with the signature that I referenced as it only seems to trigger when I attempt to log in and it does it from other machines too? I never saw it happen until today.

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    7,673

    Default

    IPS rules regex pattern so it is not ever going to be 100% reliable. Just the nature of IPS.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangler
    Join Date
    Dec 2018
    Posts
    89

    Default

    That makes sense I was just confused as to why it just started being an issue now with my laptop after a couple of weeks.

    I just made a new rule excluding DoS and another rule including DoS but ignoring my internal LAN.

  6. #6
    Newbie
    Join Date
    Jan 2019
    Posts
    1

    Default

    Quote Originally Posted by jlficken View Post
    That makes sense I was just confused as to why it just started being an issue now with my laptop after a couple of weeks.

    I just made a new rule excluding DoS and another rule including DoS but ignoring my internal LAN.

    How did you accomplish this? I tried copying the critical and high rules and adding source IP != $HOME_NET which didn't work also tried doing does not contain and using 192.168. and the rules still kept flagging my internal traffic as dos.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2