USG FLEX 700 - Massive IPS malicious connection attempts
BTW, this morning updated to v5.36(ABWD.2)
Due to the recent bad experiences of other users we regularly check the condition of our USG. And at the moment we're experiencing massive IPS malicious connection attempts.
The IPS monitor page is showing signature ID 9262344, named "Cs". But the link to Zyxel's encyclopedia shows "no data vailable".
What kind of connection attempt should it be? Or is it a false positive?
Accepted Solution
-
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
All Replies
-
After further investigation we found a Custom Signature Rule named "Cs" with this ID. But we cannot remember established this custom rule by ourselves:
Has anybody an idea whether this has been added automatically by the last FW updates, or what sense such a rule should have? Therein is nothing ticked.
0 -
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 148 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight