Title: Instrusion Prevention - where to look? (MOVED too Whislist) Post by: mrt on Wednesday 21 April 2010, 04:07:19 am Hi,
Endian 2.3 have both Intrusion Detection (IDS) and Intrusion Prevention (IPS) and I could see all the detection in log. Both there is one thing I missing from my "old" Clarconnect/ClearFondadion. Where can I see what have been blocked and for how long time is it blocked? My older system had one IPS function where I could see which IP that had been block, for what reason and block for 24 hour. I could also "unblock" it if it was a false rule/positive Do Endian 2.3 have the same ? Regards Title: Re: Instrusion Prevention - where to look? Post by: vlongjvc on Wednesday 21 April 2010, 12:40:48 pm You can request this function in "EFW Wishlist". I see that this feature is very useful. Thanks.
Title: Re: Instrusion Prevention - where to look? Post by: mrt on Wednesday 21 April 2010, 04:10:29 pm Done
Title: Re: Instrusion Prevention - where to look? (MOVED too Whislist) Post by: xxxx on Sunday 02 May 2010, 11:40:03 am This function is not very usefull because the Endian uses Snort inline this drop the bad pakets in the connection in real time not like the most Ips configs where snort detects and Guardian write the Ip to iptables drop list.The Ids/Ips from the endian is so more powerfull like the Ids from the most other Firewall Distributionen.
|