SCSIraidGURU1
New Contributor

60e 6.4.9 reports CVE 1999-0525 Trace Route IPS attack on my workstation.

60e 6.4.9 reports CVE 1999-0525 Trace Route IPS attack on my workstation. I have run Avast full scan and Malwarebytes found nothing. I did see in the CVE it was updated 6/9/22. I am trying to disable Traceroute in the IPS. I added a Traceroute policy to disable it in IPS. I moved it to the top of the IPS list and excluded just my IP.

metz_FTNT
Staff

Hello,

Looking at the count detection below:

https://www.fortiguard.com/encyclopedia/ips/12466

After the signature update, there is a peak. It is quite possibly a false positive after the signature was updated (or there was a false negative before the update).

To "disable" it, simply put a filter for attack ID 12466 with action "pass".

nieistotny


@metz_FTNT wrote:

Looking at the count detection below:

https://www.fortiguard.com/encyclopedia/ips/12466

Hi, where is the count detection, I don't see them?

metz_FTNT

At the time when I posted the link, there was telemetry at the bottom of the page showing the graph for counting detections of the signature. There was a high peak just at the same time when the signature was updated.

SCSIraidGURU1
New Contributor

Here was my solution. I placed Trace Route at the beginning of the rules. I added my workstation IP as an exclusion.


