IPS Security alert with my Znuny server

FSF · Post by **FSF** » 20 Jun 2023, 09:39

Hello

Following an update of my UTM my Znuny server v6.3 (with IP 172.16.0.83) is blocked by my IPS service:

Deny src_ip=172.16.0.83 dst_ip=172.16.0.254 pr=icmp src_port= dst_port= src_intf=Lan server dst_intf=Firebox msg=blocked sites (reason = IPS autoblock: rule id=1135986) pckt_len=84 ttl=64 policy=(Ping-00) proxy_action= proc_id="firewall" rc="101" msg_id="3000-0173"

reason = IPS autoblock: rule id=1135986 corresponds to "IMAP Dovecot and Pigeonhole Remote Code Execution -1 (CVE-2019-11500)"

For the moment, my server is completely isolated from the rest of the network.

What in Znuny is causing this?

Thank you in advance

skullz · Post by **skullz** » 20 Jun 2023, 10:06

https://cve.mitre.org/cgi-bin/cvename.c ... 2019-11500

This is perhaps Dovecot issue that installed within the server

FSF · Post by **FSF** » 20 Jun 2023, 10:31

It's true that I forgot to mention that I'm running Debian 11.

And the commands: "service dovecot status" and "service postfix status" returns "unit service.postfix could not be found" and "unit service.dovecot could not be found"

In/etc/ postfix and dovecot are not presents

Post by **root** » 20 Jun 2023, 12:27

Hi,

Nothing in Znuny is related to this. When I read your log entry correctly, it's an ICMP/ping that causing this. There is no component in Znuny or add-ons from Znuny where an ICMP/ping is executed.

- Roy

FSF · Post by **FSF** » 20 Jun 2023, 14:15

Ok thank you

so I'll look for the origin elsewhere.

Znuny and ((OTRS)) Community Edition

IPS Security alert with my Znuny server

IPS Security alert with my Znuny server

Re: IPS Security alert with my Znuny server

Re: IPS Security alert with my Znuny server

Re: IPS Security alert with my Znuny server

Re: IPS Security alert with my Znuny server