Increase in IPS events

shaazaminatorshaazaminator
in Technical Discussion

Hi Community,

Just wondering if anyone, or everyone, is experiencing an increase in IPS events on their Fireboxes.

It used to be I would see a dozen or so a month, now I'm almost getting that daily.

Just curious.

  • Doug

It's usually something simple.

Comments

  • Bruce_BriggsBruce_Briggs
    Just curious - any specific signature ID that you are seeing a lot?
  • shaazaminatorshaazaminator

    These are the top culprits for the past seven days, with 1133253 being the most detections. It's a Linux or Open BSD exploit.

    1133253

    1138920

    1130593

    1056055

    It's usually something simple.

  • Bruce_BriggsBruce_Briggs

    Interesting - none of these are recent - not what I would have expected.

    1133253 Release date: 2016-11-30 no CVE for this Linux/Unix bug

    1138920 Release date: 2021-03-30 CVE-2021-3449 OpenSSL bug

    1130593 Release Date: 2015-04-14 CVE-2015-1635 Microsoft IIS bug

    1056055 Release Date: 2012-05-04 CVE-2012-1823 PHP bug

  • james.carsonjames.carson Moderator, WatchGuard Representative

    It's not uncommon for attacks to ebb and flow as the folks running the exploits adjust what works vs what doesn't.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.