Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 16 November 2024, 12:18:38 pm

Login with username, password and session length

Download the latest community FREE version  HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Development
| |-+  EFW Wishlist
| | |-+  See what Intrusion Prevention (IPS) has blocked.
0 Members and 0 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: See what Intrusion Prevention (IPS) has blocked.  (Read 23171 times)
mrt
Full Member
***
Offline Offline

Posts: 23


« on: Wednesday 21 April 2010, 04:09:40 pm »

Hi, I move from Clarkconnect/ClearFondation to Endian 2.3 Community.
In my former GW/FW I could see in IPS view what IP's that have been blocked, default for 24 hour and see for what reason it was blocked. (and lookup to snort to see explaination)
I could also unblock if the rule discover a false positive or "wrong" IP.

I can't find this function in EFW 2.3 and wounder if this could be done in near future? (2.3.1 ?) :-)

Thanks in advance,

Regards from Norway 
Logged
xxxx
Jr. Member
*
Offline Offline

Posts: 9


« Reply #1 on: Saturday 01 May 2010, 02:25:21 am »

This makes no sense with the Endian. Snort inline uses the Endian and this drops the bad pakets in the connection and does not drop the whole Ip like Guardian.
Logged
vlongjvc
Full Member
***
Offline Offline

Posts: 27


« Reply #2 on: Tuesday 04 May 2010, 01:52:50 pm »

Hi xxxx,

Actually, Snort inline using these rules will block the whole IP if these rules are configured to run in IPS mode: "emerging-compromised.rules", "emerging-drop.rules", "emerging-dshield.rules", "emerging-rbn.rules"

Regards,
Logged
xxxx
Jr. Member
*
Offline Offline

Posts: 9


« Reply #3 on: Sunday 09 May 2010, 10:27:09 pm »

Then see you this on the Logs and can unblock this Ip with the Rule Editor because Snort drops the Pakets from this Ip directly and make not a Iptables entry like guardian.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.063 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com