IDP block VPN access

kyssling
kyssling Posts: 107  Ally Member
Hello, can anybody help me and explain the best fix?

After upgrading the USG110 to FW 4.65 (or updating IDP to 3.2.4.268), a computer on our LAN
cannot connect to an external VPN using the Windows 10 VPN client (two weeks ago it connected OK).

On the router:
warn,idp,ACCESS BLOCK,lan1,wan1,tcp,Rule_id=20 SSI=N [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) Action: Reject Both Severity: high
https://threatintelligence.zyxel.com/idp

Is this a false detection? Or is it safe to disable this item in IDP?
What can I do (create an exception)?

Thanks for the help!

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee
    Answer ✓

    Hi @kyssling

    Currently, our latest IDP service doesn’t include this signature.

    Thanks.


All Replies

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,230  Zyxel Employee

    Hi @kyssling

    Could you provide the reproduction steps to us?

    Which VPN connection method did you use on your Windows 10 PC? L2TP or SSL VPN?

    BTW, if that would impact your VPN service, you could inactivate the IDP signature 1139379 temporarily.


  • kyssling
    kyssling Posts: 107  Ally Member
    Hello, thanks very much for the fast answer. I will try it on Monday or Wednesday (when the user is on our LAN; from home he connects to the VPN without a problem) and write feedback.
  • kyssling
    kyssling Posts: 107  Ally Member
    edited August 2021
    Hello, sorry for the delay, but the external worker was on holiday ...
    Today I tried the VPN connection, and connecting to the external VPN works without any problem.
    (She uses the PPTP protocol.)

    So I searched IDP for: [type=Sig(1139379)] EXPLOIT PPTP Echo Request Buffer Overflow (CVE-2003-0213) and found NONE...

    Can you confirm that this signature was deleted in IDP update 3.2.4.269/3.2.4.270?
    (In IDP 3.2.4.268 this signature exists.)

    Thanks, Vaclav