Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 28 December 2024, 12:43:15 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  IPS not working - community release 2.4.1
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: IPS not working - community release 2.4.1  (Read 12505 times)
bendeliduka
Jr. Member
*
Offline Offline

Posts: 4


« on: Friday 20 May 2011, 06:21:11 am »

Services | Intrusion Prevention | Intrusion Prevention System - Enabled is Green
Rules are updated,
Logs show lines like:
Code:
Intrusio..	2011-05-19 15:59:18	snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4398
Intrusio.. 2011-05-19 16:00:52 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4399
Intrusio.. 2011-05-19 15:45:47 snort[11885]: [1:2406590:243] ET RBN Known Russian Business Network IP TCP (296) [Classification: Misc Attack] [Priority: 2] {TCP} 192.168.219.136:4390 -> 77.79.4.162:443
Intrusio.. 2011-05-19 15:46:10 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4391
Intrusio.. 2011-05-19 16:12:26 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4409

Services | Intrusion Prevention | Rules
Most Rules have the yellow triangle, two rules have the red shield (auto/emerging-policy.rules, auto/emerging-rbn.rules)

Rebooting the system has no effect.
Rules with Above mentioned rules with red shield or yellow triangle, same effect

Transparent proxy or non-transparent proxy, no effect.

Confirmed connection in the status | connections screen.  Connections are being made.

Logged
madswitcher
Jr. Member
*
Offline Offline

Posts: 6


« Reply #1 on: Thursday 02 June 2011, 04:44:23 am »

Happens on version 2.4.0 as well.  The Services tab says Snort is on, but the main system page says its not.  Rebooting makes no difference and Snort won't start when forced
Logged
madswitcher
Jr. Member
*
Offline Offline

Posts: 6


« Reply #2 on: Friday 03 June 2011, 10:12:07 pm »

Fixed by config save and reinstall to the tin.

3 months running time without a hitch so far Grin

Cheers
Mike
Logged
madswitcher
Jr. Member
*
Offline Offline

Posts: 6


« Reply #3 on: Saturday 04 June 2011, 04:22:32 am »

and then 3 hours later it does the same thing:
system page says its not running,

Status page says its not running

Services page says its started after a rule load from the snort site


Anyone got any comments or help?

Thanks

Mike
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.067 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com