PDA

View Full Version : Intrusion alert on FXO Gateway



sjanssen
05-12-2011, 10:00 AM
Hi.

A few days ago we started working with a company that is going to monitor our LAN.
I think the agent is causing our FXO Gateway to detect an intrusion alert that is coming
from our primary server within our LAN. I thought that changing the Nameserver in DNS
Settings to the primary server would stop the alerts. It didn't.

So, I have turned off the email alert for IDS so that emails don't keep coming to me.
But I would like to resolve this so that I can turn the alert on again.

Thanks.

davrays
05-16-2011, 04:56 AM
what functions your "primary server" has? Is it SIP server, or just DNS/DHCP/router?

Did you look into the IDS Log page? Which kind of attacks are detected? Is it port scan or something else?

It is very possible that some software installed on the server is scanning all machines in the network (thats basically what monitoring tools do), and so Quadro detects this scan attempt as intrusion attempts (port scan is a "classic" intrusion type). If this is the case, there is nothing else you can do except switching OFF the IDS on the Quadro.

sjanssen
05-16-2011, 03:00 PM
davrays, thank you for your response. It caused me to go back and re-read the documentation. Something I read made me look at the settings in Internet Uplink ->
Firewall/NAT. I enabled the Firewall and set it to Low Security because my FXO is behind our firewall. I changed the event setting back and I am not getting any emails.