SCSIraidGURU1
Explorer
June 15, 2022
Question

60e 6.4.9 reports CVE 1999-0525 Trace Route IPS attack on my workstation.


60e 6.4.9 reports CVE 1999-0525 Trace Route IPS attack on my workstation. I have run Avast full scan and Malwarebytes found nothing. I did see in the CVE it was updated 6/9/22. I am trying to disable Traceroute in the IPS. I added a Traceroute policy to disable it in IPS. I moved it to the top of the IPS list and excluded just my IP.

2 replies

metz_FTNT
Staff
June 16, 2022

Hello,

Looking at the detection count below:

https://www.fortiguard.com/encyclopedia/ips/12466

After the signature update, there is a peak. It is quite possible that these are false positives after the signature was updated (or there was a false negative before the update).

To "disable" it, simply put a filter for attack ID 12466 with action "pass".

nieistotny
New Member
August 26, 2022

@metz_FTNT wrote:

Looking at the detection count below:

https://www.fortiguard.com/encyclopedia/ips/12466

Hi, where is the detection count? I don't see it.

metz_FTNT
Staff
August 26, 2022

At the time when I posted the link, there was telemetry at the bottom of the page showing a graph of the detection count for the signature. There was a high peak at the same time the signature was updated.

SCSIraidGURU1
Explorer
June 17, 2022

Here was my solution. I placed Trace Route at the beginning of the rules. I added my workstation IP as an exclusion.