Hi,
We are using Websense as Proxy. The Signature 6009/0 & 5930/8 triggers (SYN FLOOD DOS & GENERIC SQL INJECTION) triggers and blocks Internet traffic comming through proxy. Times the Signature changes and its very difficult to know root cause.
In the IPS event logs it shows Attacker IP of (Websense Proxy Server - 172.21.104.2) and Victim IP as (74.125.235.108 & 82.208.28.193). The victim IP shown in the IPS belongs to (Google & astrala.logout.cz).
Please Suggest.
Regards,
Gijoe