IDP block VPN access

kyssling Posts: 102  Ally Member
Hello, can anybody help me and explain the best fix?

After upgrading the USG110 to FW4.65 / or updating IDP to 3.2.4.268, a computer on our LAN
cannot connect to an external VPN using the VPN client in Windows 10 (two weeks ago it connected OK).

On the router:
warn,idp,ACCESS BLOCK,lan1,wan1,tcp,Rule_id=20 SSI=N [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) Action: Reject Both Severity: high
https://threatintelligence.zyxel.com/idp

Is this a false detection? Or is it safe to disable this item in IDP?
What can I do (create an exception)?

Thanks for the help!

All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee

    Hi @kyssling

    Could you provide the steps to reproduce this?

    Which VPN connection method did you use on your Windows 10 PC? L2TP or SSL VPN?

    BTW, if that would impact your VPN service, you could inactivate the IDP signature 1139379 temporarily.


  • kyssling
    kyssling Posts: 102  Ally Member
    Hello, thank you very much for the fast answer. I will try it on Monday or Wednesday (when the user is on our LAN; from home he connects to the VPN without problems) and write feedback.
  • kyssling
    kyssling Posts: 102  Ally Member
    edited August 2021
    Hello, sorry for the delay, but the external worker was on holiday ...
    Today I tried the VPN connection, and connecting to the external VPN works without any problem.
    (She uses the PPTP protocol.)

    So I searched IDP for: [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) and found NONE...

    Can you confirm that this signature was deleted in IDP update 3.2.4.269/3.2.4.270?
    (In IDP 3.2.4.268 this signature exists.)

    Thanks, Vaclav
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,039  Zyxel Employee
    Answer ✓

    Hi @kyssling

    Currently, our latest IDP service doesn’t include this signature.

    Thanks.
