Personal Digital Assistant

For IPS experts



dodzmano
16-06-2008, 14:25
Peace be upon you

Very briefly, I am suffering from an IPS attack, and the message that keeps appearing is:
netbios: SMB.TreeConn.AndX.Deny.445
I should mention that I use a FortiGate, and the attack goes from one server to another.
I want to know its cause and how to stop it.

Thanks...

adam black ice
16-06-2008, 19:35
Dear brother, do you mean that there are attacks happening on your FortiGate, or what? In any case, if this is something recurring, you can consult the vendor you bought the device from, because that will help you more.

dodzmano
18-06-2008, 08:51
No, the attack happens between a server and another server that are in 2 different VLANs, and the log file shows it happening many, many times during a single day...!!

And now there is another attack:
misc: Firewall-1.UDP.Port.Zero.DoS

Thank you very much, brother.

adam black ice
18-06-2008, 11:21
I want to understand something: does the attack happen directly on your IPS, or does the IPS not detect this attack? Or does the traffic not pass through it at all? Please clarify.

dodzmano
19-06-2008, 09:13
Please let me write in English because of my bad Arabic typing.
The attacks are going from one server to another; the two servers are in different VLANs (networks), so the FortiGate catches it and shows it in the log file.

The FortiGate is a firewall with AntiVirus, AntiSPAM and IPS filters.

When it catches something (IPS, virus, etc.) it tells me, and it can also send emails.

The problem is not where the attacks are coming from or where they are caught; all I want to know is: what do these attacks do, or what do they mean?


misc: Firewall-1.UDP.Port.Zero.DoS
netbios: SMB.TreeConn.AndX.Deny.445


Anyway, don't bother yourself with it, it didn't pass through my network ;)

Thank you very much.

Regards
Mahmoud

adam black ice
19-06-2008, 09:28
:) That is great.
Look man, about the first attack, which is
misc: Firewall-1.UDP.Port.Zero.DoS
it indicates a Denial-of-Service (DoS) vulnerability in Check Point Software.
Affected products are:
Check Point Software Firewall-1 versions 3.0 and 4.0
To protect yourself, simply update and apply patches to your system.

--------------------------------------------------------------------------------------------

For the second attack
netbios: SMB.TreeConn.AndX.Deny.445
it was simply a brute force attack on your system.

HTH :)

dodzmano
22-06-2008, 10:31
--------------------------------------------------------------------------------
That is great.
Look man, about the first attack, which is
misc: Firewall-1.UDP.Port.Zero.DoS
it indicates a Denial-of-Service (DoS) vulnerability in Check Point Software.
Affected products are:
Check Point Software Firewall-1 versions 3.0 and 4.0
To protect yourself, simply update and apply patches to your system.


BUT MAN, I DON'T HAVE A CHECK POINT BOX OVER HERE?!?!?!
HOW DID YOU KNOW THAT THIS IS AN ATTACK ON THE CHECK POINT APPLIANCE?!
--------------------------------------------------------------------------------------------

For the second attack
netbios: SMB.TreeConn.AndX.Deny.445
it was simply a brute force attack on your system.

SIMPLY, JUST LIKE THAT, LIKE IT'S NOTHING?!?!??! :))))))))
HOW DID YOU KNOW THAT IT IS A BRUTE FORCE ATTACK???


HTH
WHAT IS HTH?!?!

MANY Qs, HUH?

THANKS MAN.

adam black ice
22-06-2008, 14:10
HTH == Hope That Helps :)

dodzmano
23-06-2008, 10:18
OK, many thanks, dear. Mahmoud