USG FLEX 700 - Massive IPS malicious connection attempts
BTW, this morning updated to v5.36(ABWD.2)
Due to the recent bad experiences of other users we regularly check the condition of our USG. And at the moment we're experiencing massive IPS malicious connection attempts.
The IPS monitor page is showing signature ID 9262344, named "Cs". But the link to Zyxel's encyclopedia shows "no data vailable".
What kind of connection attempt should it be? Or is it a false positive?
Accepted Solution
-
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
All Replies
-
After further investigation we found a Custom Signature Rule named "Cs" with this ID. But we cannot remember established this custom rule by ourselves:
Has anybody an idea whether this has been added automatically by the last FW updates, or what sense such a rule should have? Therein is nothing ticked.
0 -
We don't add the IPS custom signature profile to the official firmware. And the default name of IPS custom Signature Rule is "Cs", so I thought maybe it was created by the client and he forgot.
0
Categories
- All Categories
- 347 Beta Program
- 2.1K Nebula
- 115 Nebula Ideas
- 77 Nebula Status and Incidents
- 5K Security
- 44 USG FLEX H Series
- 246 Security Ideas
- 1.2K Switch
- 64 Switch Ideas
- 900 WirelessLAN
- 33 WLAN Ideas
- 5.8K Consumer Product
- 204 Service & License
- 326 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.8K FAQ
- 832 Nebula FAQ
- 402 Security FAQ
- 219 Switch FAQ
- 190 WirelessLAN FAQ
- 45 Consumer Product FAQ
- 136 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 71 About Community
- 61 Security Highlight