Services | Intrusion Prevention | Intrusion Prevention System - Enabled is Green
Rules are updated.
Logs show lines like:
Intrusio.. 2011-05-19 15:59:18 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4398
Intrusio.. 2011-05-19 16:00:52 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4399
Intrusio.. 2011-05-19 15:45:47 snort[11885]: [1:2406590:243] ET RBN Known Russian Business Network IP TCP (296) [Classification: Misc Attack] [Priority: 2] {TCP} 192.168.219.136:4390 -> 77.79.4.162:443
Intrusio.. 2011-05-19 15:46:10 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4391
Intrusio.. 2011-05-19 16:12:26 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4409
Services | Intrusion Prevention | Rules
Most rules have the yellow triangle; two rules have the red shield (auto/emerging-policy.rules, auto/emerging-rbn.rules).
Rebooting the system has no effect.
Above-mentioned rules with red shield or yellow triangle: same effect.
Transparent proxy or non-transparent proxy, no effect.
Confirmed connection in the status | connections screen. Connections are being made.