Text only | Text with Images

OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: derhelge on March 06, 2023, 01:00:23 PM

Title: flowbit noalert blocked?
Post by: derhelge on March 06, 2023, 01:00:23 PM
Hi,

using os-etpro-telemetry there a lot blocked entries in /ui/ids#alerts:

Alert   ETPRO EXPLOIT Microsoft Protected Extensible Authentication Protocol RCE xbits set, noalert (CVE-2023-21690)
Alert sid   2853519

From my understanding, these packages should not be blocked? But the table says "blocked"?
Title: Re: flowbit noalert blocked?
Post by: featheredfifth on April 20, 2023, 05:16:32 AM
Hi,
I don't understand ETPRO EXPLOIT well yet. Can someone explain in more detail.
funny shooter 2 (https://funnyshooter2.com)
Text only | Text with Images