IPS detection concerns

BESCIT
2019/05/01 04:39:31

Hello,
 
I'm seeing a rise in activity (3-fold) along the IPS lines with bad actors using Apache.Struts.2.Jakarta.Multipart.Parser.Code.Execution and Apache.Tomcat.Arbitrary.JSP.file.Upload against my mail server and another web server that is behind the Fortigate.
 
Should I be more concerned or just confident that the Fortigate is doing its job? Is there something I can do to lessen the attacks on these sites?
 
I'm the only one on staff with the network / UTM responsibilities so I am just looking for conversation on these events.   Don't know how concerned I should be or if I'm doing all I can to minimize them. 
 
Any feedback would be most appreciated.
 
Thanks
---Kenny
#1


    abelio
    Re: IPS detection concerns 2019/05/01 10:18:40
    Hello Kenny,
    Excuse me for asking this first: are you indeed running Apache Struts on those servers?
    If not -> false positive
    On the contrary, check your logs (Apache ones, not only FAZ/FGT) or run your own proof of concept with widely published attempts to exploit this known vuln.

    regards
    --
    Abel
    #2
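
One way to do the server-side log check suggested in the reply above, as an added example that is not from the thread or from Fortinet. It assumes an Apache access log in combined format with an extra trailing `"%{Content-Type}i"` field (the default format does not record Content-Type); the log lines, addresses and the placeholder header value are constructed.

```python
import re

# Combined log format plus one ASSUMED trailing field: "%{Content-Type}i".
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; tolerates Apache's \" escapes
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ '
    + QUOTED + ' ' + QUOTED + ' ' + QUOTED + r'$')

def triage(lines):
    """Return (client_ip, signature_family, status, verdict) for suspicious hits."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                      # not in the assumed format
        ip, _ts, request, status, _ref, _ua, ctype = m.groups()
        parts = request.split(' ')
        method = parts[0].upper()
        path = parts[1].split('?', 1)[0].lower() if len(parts) > 1 else ''
        status = int(status)
        # An expression marker never appears in a legitimate Content-Type.
        if '%{' in ctype or '${' in ctype:
            findings.append((ip, 'struts-multipart', status,
                             'reached web server; confirm whether Struts is deployed'))
        # PUT aimed at a JSP name: the status shows how the server answered.
        if method == 'PUT' and '.jsp' in path:
            verdict = ('upload ACCEPTED; treat as incident' if 200 <= status < 300
                       else 'rejected by server')
            findings.append((ip, 'tomcat-jsp-upload', status, verdict))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder header value).
SAMPLE_LOG = r'''
203.0.113.7 - - [01/May/2019:04:12:09 +0000] "POST /index.action HTTP/1.1" 200 512 "-" "curl/7.58.0" "%{CONSTRUCTED-OGNL-PLACEHOLDER}"
198.51.100.23 - - [01/May/2019:04:13:41 +0000] "PUT /probe.jsp/ HTTP/1.1" 405 230 "-" "python-requests/2.21.0" "text/plain"
198.51.100.23 - - [01/May/2019:04:13:44 +0000] "PUT /probe2.jsp/ HTTP/1.1" 201 0 "-" "python-requests/2.21.0" "text/plain"
192.0.2.10 - - [01/May/2019:04:14:02 +0000] "GET /webmail/ HTTP/1.1" 200 1834 "-" "Mozilla/5.0" "-"
'''.strip().splitlines()

if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Any hit here means the request was logged by the web server rather than dropped at the firewall, so compare the timestamps with the FortiGate IPS log and check whether the sensor action for that signature is block or monitor.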
    BESCIT
    Re: IPS detection concerns 2019/05/03 06:09:20
    Abel,
     
    Thanks for the info.  Will investigate with the developers and get back to you.
     
    ---Kenny
    #3