EFW Support

Support => General Support => Topic started by: jpin on Friday 23 May 2014, 04:13:07 am



Title: Need to be schooled on SNORT IPS
Post by: jpin on Friday 23 May 2014, 04:13:07 am
So I just installed my first Endian Firewall 3.0. It's working OK, but I'm trying to get the IPS up and working. I thought it was working till I noticed it wasn't blocking anything, it was only detecting. My question is: how do you start blocking things? Surely going through every rule and manually changing all of the policies isn't the way. For that matter, I wouldn't know which ones to enable if I did go that route. ???

Can someone help me understand?


Title: Re: Need to be schooled on SNORT IPS
Post by: jpin on Wednesday 11 June 2014, 11:25:00 pm
Nobody knows anything about SNORT IPS on Endian?  Surely I'm not the only one using this?


Title: Re: Need to be schooled on SNORT IPS
Post by: Ricard on Wednesday 02 July 2014, 01:02:49 am
- Visit www.testmyids.com and then see your log.

- Check that Intrusion Prevention is active, and then go to Intrusion Prevention -> Snort Editor.
Edit the "/auto/emerging-policy.rules" section, and then go to the final pages (12 or so) until you find the rule "2017015 ET POLICY DropBox User Content Access over SSL".

Check that the rule is active and showing the shield icon. Then try to download this file (or any other belonging to https://dl.dropboxusercontent.com/....):
https://dl.dropboxusercontent.com/s/pgo6ryv8tfjodiv/streaming.sas7bdat

Try checking and unchecking this Dropbox rule yourself, applying changes, and trying again to download that file. See your logs.


More specific tests:
http://.alijahangiri.org/2012/04/how-to-test-snort-with-penetration-testing-tools/
http://lteo.net//2012/10/26/an-easy-way-to-test-your-snort-rules/
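As an added illustration of the alert-versus-drop distinction this thread is about (not code from the original posts or from Endian's own tooling): a small Python parser over a constructed Snort rule file that reports which rules are enabled but alert-only, and rewrites chosen SIDs to `drop`, the action a Snort inline IPS needs before it blocks rather than just logs. The rule bodies below are constructed for the example; only the Dropbox rule's SID and message text come from the thread.

```python
import re

# Constructed sample rule set (not Endian's or the ET ruleset's actual file).
# Only the SID and message of the Dropbox rule are taken from the thread;
# the option bodies are illustrative.
SAMPLE_RULES = """\
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"ET POLICY Disabled example"; sid:2000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 443 (msg:"ET POLICY DropBox User Content Access over SSL"; flow:established,to_server; content:"dropboxusercontent.com"; sid:2017015; rev:2;)
drop tcp $HOME_NET any -> $EXTERNAL_NET 80 (msg:"ET POLICY Already blocking example"; sid:2000002; rev:1;)
"""

# A rule line: optional leading '#' (disabled), the action keyword, the
# 6-field header, then the option block in parentheses.
RULE_RE = re.compile(
    r'^(?P<disabled>#\s*)?(?P<action>alert|drop|log|pass|reject|sdrop)\s+'
    r'(?P<header>\S+\s+\S+\s+\S+\s+[-<]>\s+\S+\s+\S+)\s*\((?P<opts>.*)\)\s*$'
)

def parse_rule(line):
    """Return {'enabled', 'action', 'sid', 'msg'} for a rule line, None for non-rule lines."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    opts = m.group('opts')
    sid = re.search(r'\bsid\s*:\s*(\d+)\s*;', opts)
    msg = re.search(r'\bmsg\s*:\s*"([^"]*)"\s*;', opts)
    return {
        'enabled': m.group('disabled') is None,
        'action': m.group('action'),
        'sid': int(sid.group(1)) if sid else None,
        'msg': msg.group(1) if msg else '',
    }

def audit(rules_text):
    """Map sid -> (enabled, action). An enabled 'alert' rule only logs; it does not block."""
    return {r['sid']: (r['enabled'], r['action'])
            for r in map(parse_rule, rules_text.splitlines()) if r}

def set_action(rules_text, sids, action='drop'):
    """Rewrite the action keyword of the listed SIDs. Commented-out rules are left
    untouched so a disabled rule is not silently turned into an active drop rule."""
    out = []
    for line in rules_text.splitlines():
        r = parse_rule(line)
        if r and r['enabled'] and r['sid'] in sids:
            line = re.sub(r'^\s*' + r['action'], action, line, count=1)
        out.append(line)
    return '\n'.join(out) + '\n'
```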