USG FLEX 700 - Massive IPS malicious connection attempts

USG_User
USG_User Posts: 369  Master Member
First Anniversary 10 Comments Friend Collector First Answer
edited May 2023 in Security

BTW, this morning updated to v5.36(ABWD.2)

Due to the recent bad experiences of other users we regularly check the condition of our USG. And at the moment we're experiencing massive IPS malicious connection attempts.

The IPS monitor page is showing signature ID 9262344, named "Cs". But the link to Zyxel's encyclopedia shows "no data vailable".

What kind of connection attempt should it be? Or is it a false positive?

Accepted Solution

  • Zyxel_James
    Zyxel_James Posts: 610  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.

All Replies

  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    edited May 2023

    After further investigation we found a Custom Signature Rule named "Cs" with this ID. But we cannot remember established this custom rule by ourselves:

    Has anybody an idea whether this has been added automatically by the last FW updates, or what sense such a rule should have? Therein is nothing ticked.

  • Zyxel_James
    Zyxel_James Posts: 610  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓

    We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.

Security Highlight