OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • flowbit noalert blocked?
« previous next »
  • Print
Pages: [1]

Author Topic: flowbit noalert blocked?  (Read 1279 times)

derhelge

  • Newbie
  • *
  • Posts: 14
  • Karma: 1
    • View Profile
flowbit noalert blocked?
« on: March 06, 2023, 01:00:23 pm »
Hi,

using os-etpro-telemetry there a lot blocked entries in /ui/ids#alerts:

Alert   ETPRO EXPLOIT Microsoft Protected Extensible Authentication Protocol RCE xbits set, noalert (CVE-2023-21690)
Alert sid   2853519

From my understanding, these packages should not be blocked? But the table says "blocked"?
Logged

featheredfifth

  • Newbie
  • *
  • Posts: 6
  • Karma: 0
    • View Profile
Re: flowbit noalert blocked?
« Reply #1 on: April 20, 2023, 05:16:32 am »
Hi,
I don't understand ETPRO EXPLOIT well yet. Can someone explain in more detail.
funny shooter 2
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • Intrusion Detection and Prevention »
  • flowbit noalert blocked?
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2