USG FLEX 700 - Massive IPS malicious connection attempts
Master MemberBTW, this morning updated to v5.36(ABWD.2)
Due to the recent bad experiences of other users we regularly check the condition of our USG. And at the moment we're experiencing massive IPS malicious connection attempts.
The IPS monitor page is showing signature ID 9262344, named "Cs". But the link to Zyxel's encyclopedia shows "no data vailable".
What kind of connection attempt should it be? Or is it a false positive?
All Replies
-
After further investigation we found a Custom Signature Rule named "Cs" with this ID. But we cannot remember established this custom rule by ourselves:
Has anybody an idea whether this has been added automatically by the last FW updates, or what sense such a rule should have? Therein is nothing ticked.
0 -
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
Zyxel Employee
Categories
- 8.5K All Categories
- 1.6K Nebula
- 71 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 984 Switch
- 46 Switch Ideas
- 882 WirelessLAN
- 23 WLAN Ideas
- 5.2K Consumer Product
- 157 Service & License
- 280 News and Release
- 61 Security Advisories
- 13 Education Center
- 581 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 75 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 68 About Community
- 46 Security Highlight
