EFW Support
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
Sunday 24 November 2024, 07:24:16 am
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
CLICK HERE
for the The official Endian Roadmap and Issue tracker
14261
Posts in
4377
Topics by
6517
Members
Latest Member:
Sandro
Search:
Advanced search
EFW Support
Development
EFW Wishlist
See what Intrusion Prevention (IPS) has blocked.
0 Members and 3 Guests are viewing this topic.
« previous
next »
Pages:
[
1
]
Author
Topic: See what Intrusion Prevention (IPS) has blocked. (Read 23812 times)
mrt
Full Member
Offline
Posts: 23
See what Intrusion Prevention (IPS) has blocked.
«
on:
Wednesday 21 April 2010, 04:09:40 pm »
Hi, I move from Clarkconnect/ClearFondation to Endian 2.3 Community.
In my former GW/FW I could see in IPS view what IP's that have been blocked, default for 24 hour and see for what reason it was blocked. (and lookup to snort to see explaination)
I could also unblock if the rule discover a false positive or "wrong" IP.
I can't find this function in EFW 2.3 and wounder if this could be done in near future? (2.3.1 ?) :-)
Thanks in advance,
Regards from Norway
Logged
xxxx
Jr. Member
Offline
Posts: 9
Re: See what Intrusion Prevention (IPS) has blocked.
«
Reply #1 on:
Saturday 01 May 2010, 02:25:21 am »
This makes no sense with the Endian. Snort inline uses the Endian and this drops the bad pakets in the connection and does not drop the whole Ip like Guardian.
Logged
vlongjvc
Full Member
Offline
Posts: 27
Re: See what Intrusion Prevention (IPS) has blocked.
«
Reply #2 on:
Tuesday 04 May 2010, 01:52:50 pm »
Hi xxxx,
Actually, Snort inline using these rules will block the whole IP if these rules are configured to run in IPS mode: "emerging-compromised.rules", "emerging-drop.rules", "emerging-dshield.rules", "emerging-rbn.rules"
Regards,
Logged
xxxx
Jr. Member
Offline
Posts: 9
Re: See what Intrusion Prevention (IPS) has blocked.
«
Reply #3 on:
Sunday 09 May 2010, 10:27:09 pm »
Then see you this on the Logs and can unblock this Ip with the Rule Editor because Snort drops the Pakets from this Ip directly and make not a Iptables entry like guardian.
Logged
Pages:
[
1
]
« previous
next »
Jump to:
Please select a destination:
-----------------------------
Announcements
-----------------------------
=> Project News
=> Latest News and Updates
-----------------------------
Support
-----------------------------
=> General Support
=> Installation Support
=> EFW SMTP, HTTP, SIP, FTP Proxy Support
=> VPN Support
=> Hardware Support
-----------------------------
Development
-----------------------------
=> EFW Wishlist
=> Contribute Your Customisations & Modifications
Page created in 0.078 seconds with 18 queries.
Powered by SMF 1.1 RC2
|
SMF © 2001-2005, Lewis Media
Design by
7dana.com