IDP block VPN access

kyssling
kyssling Posts: 68  Ally Member
Hello, can anybody help me and explain the best fix?

After upgrading the USG110 to FW4.65 (or updating IDP to 3.2.4.268), a computer on our LAN
cannot connect to an external VPN using the VPN client from Windows 10 (two weeks ago it connected OK).

On the router:
warn,idp,ACCESS BLOCK,lan1,wan1,tcp,Rule_id=20 SSI=N [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) Action: Reject Both Severity: high
https://threatintelligence.zyxel.com/idp

Is this a false detection? Or is it safe to disable this item in IDP?
What can I do (create an exception)?

Thanks for the help!

Best Answer

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 198  Zyxel Employee
    Accepted Answer

    Hi @kyssling

    Currently, our latest IDP service doesn’t include this signature.

    Thanks.

Answers

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 198  Zyxel Employee

    Hi @kyssling

    Could you provide the steps to reproduce this to us?

    Which VPN connection method did you use on your Windows 10 PC? L2TP or SSL VPN?

    BTW, if that would impact your VPN service, you could inactivate the IDP signature 1139379 temporarily.


  • kyssling
    kyssling Posts: 68  Ally Member
    Hello, many thanks for the fast answer. I will try it on Monday or Wednesday (when the user is on our LAN; from home he connects to the VPN without problem) and write feedback.
  • kyssling
    kyssling Posts: 68  Ally Member
    edited August 11
    Hello, sorry for the delay, but the external worker was on holiday ...
    Today I tried the VPN connection, and connecting to the external VPN works without any problem.
    (She uses the PPTP protocol.)

    So I searched IDP for: [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) and found NONE...

    Can you confirm that this signature was deleted in IDP update 3.2.4.269/3.2.4.270?
    (In IDP 3.2.4.268 this signature exists.)

    Thanks, Vaclav
