USG FLEX 700 - Massive IPS malicious connection attempts
Master Member
BTW, this morning updated to v5.36(ABWD.2)
Due to the recent bad experiences of other users we regularly check the condition of our USG. And at the moment we're experiencing massive IPS malicious connection attempts.
The IPS monitor page is showing signature ID 9262344, named "Cs". But the link to Zyxel's encyclopedia shows "no data vailable".
What kind of connection attempt should it be? Or is it a false positive?
Accepted Solution
-
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
Zyxel Employee
All Replies
-
After further investigation we found a Custom Signature Rule named "Cs" with this ID. But we cannot remember established this custom rule by ourselves:
Has anybody an idea whether this has been added automatically by the last FW updates, or what sense such a rule should have? Therein is nothing ticked.
0 -
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 165 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 365 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
