
Outbound IPS detection - direction true?

I need a solution

Log below. The attack involves WordPress, which is not running on this web-facing server, nor do any users access it directly. It seems like a bug in the way this is logged, as I can't see how the traffic originated internally.

Client Affected

Computer Name 
Current:Internal DNS
When event occurred:Internal DNS
IP Address 
Current:Internal IP
When event occurred:Internal IP
Local MAC:N/A
User Name:none
Operating system:Windows Server 2008 R2 Standard Edition
Location Name:Default
Domain Name:Default
Group Name:My Company\Servers
Server Name:MANTUS
Site Name:Site MANTUS

Risk Detected

Event Time:12/22/2015 06:02:02
Begin Time:12/22/2015 06:01:47
End Time:12/22/2015 06:01:47
Occurrence:1
Signature Name:Web Attack: Wordpress Arbitrary File Download
Signature ID:27847
Signature Sub ID:73066
Intrusion URL:OurURL/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php
Intrusion Payload URL:N/A
Event Description:[SID: 27847] Web Attack: Wordpress Arbitrary File Download attack blocked. Traffic has been blocked for this application: SYSTEM
Event Type:Intrusion Prevention
Hack Type:0
Severity:Critical
Application Name:SYSTEM
Network Protocol:TCP
Traffic Direction:Outbound
Remote IP:65.208.151.114
Remote MAC:N/A
Remote Host Name:N/A
Alert:1
Local Port:80
Remote Port:18469
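
One way to sanity-check the direction field of an event like the one above, added here as an example and not part of the original post or of any Symantec tooling: parse the `Key:Value` fields and infer which side opened the TCP connection from the port roles. The function names and the port threshold are assumptions made for this sketch, and a mismatch is a prompt to compare against the web server's access log for the same time, not proof of a logging bug.

```python
# Constructed sample: selected fields copied from the event in the post above.
SAMPLE_EVENT = """\
Event Time:12/22/2015 06:02:02
Event Type:Intrusion Prevention
Network Protocol:TCP
Traffic Direction:Outbound
Local Port:80
Remote Port:18469
"""

# Assumption: ports up to 1023 are listening services; anything higher is
# treated as a client-side ephemeral port.
SERVICE_PORT_MAX = 1023


def parse_event(text):
    """Split 'Key:Value' lines on the first colon only, so timestamps survive."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def likely_initiator(fields):
    """Guess which side opened the connection: 'remote', 'local' or 'unknown'."""
    try:
        local, remote = int(fields["Local Port"]), int(fields["Remote Port"])
    except (KeyError, ValueError):
        return "unknown"
    local_is_service = local <= SERVICE_PORT_MAX
    remote_is_service = remote <= SERVICE_PORT_MAX
    if local_is_service and not remote_is_service:
        return "remote"   # we were listening; the remote host connected to us
    if remote_is_service and not local_is_service:
        return "local"    # we connected out to a remote service
    return "unknown"


def direction_conflict(fields):
    """True when the logged direction disagrees with the port-role heuristic."""
    expected = {"remote": "inbound", "local": "outbound"}.get(likely_initiator(fields))
    logged = fields.get("Traffic Direction", "").lower()
    return expected is not None and logged != "" and logged != expected


if __name__ == "__main__":
    event = parse_event(SAMPLE_EVENT)
    print(likely_initiator(event), direction_conflict(event))
```

For the sample fields, the heuristic points to the remote host as the initiator (local port 80, remote port 18469) while the event is labelled Outbound, so the event is flagged for comparison with the web server logs.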