Serious Discussion router IDS blocked DNS attack

simmerskool

FWIW: my router, which has an IDS/IPS, sent me two emails, one on 19 June and one on 21 June: "A network intrusion attempt from xxx.xxx.xxx.xxx > risk high > blocked > Signature ET EXPLOIT Possible CVE-2015-7547 > Signature ID 2022547 > Source Port 53 > Protocol TCP > may indicate a user who is attempting to escalate their network or application privileges." The "attack" was directed at an internal IP on the local network. These are the first two and only alerts I have gotten from the router since I began using it 4 years ago.
 
It seems like your IDS/IPS is doing its job by blocking potential threats. The alert indicates an attempt to exploit a vulnerability (CVE-2015-7547) that affects the glibc library in Linux. Ensure your systems are patched and up-to-date. If the alerts persist, consider investigating the source IP for more information.
 
Yes, I masked the source IP on purpose, as your cousin AI has given me some conflicting info about it. Will update if I learn anything concrete. Another odd thing (all things considered): the device it was directed at was not Linux and not running a glibc library, but 2 events within 48 hours got my attention.