EFW Support

Support => General Support => Topic started by: bendeliduka on Friday 20 May 2011, 06:21:11 am



Title: IPS not working - community release 2.4.1
Post by: bendeliduka on Friday 20 May 2011, 06:21:11 am
Services | Intrusion Prevention | Intrusion Prevention System - Enabled is Green
Rules are updated,
Logs show lines like:
Code:
Intrusio..	2011-05-19 15:59:18	snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4398
Intrusio.. 2011-05-19 16:00:52 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4399
Intrusio.. 2011-05-19 15:45:47 snort[11885]: [1:2406590:243] ET RBN Known Russian Business Network IP TCP (296) [Classification: Misc Attack] [Priority: 2] {TCP} 192.168.219.136:4390 -> 77.79.4.162:443
Intrusio.. 2011-05-19 15:46:10 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4391
Intrusio.. 2011-05-19 16:12:26 snort[11885]: [1:2011540:5] ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O) [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 91.207.192.22:443 -> 192.168.219.136:4409

Services | Intrusion Prevention | Rules
Most Rules have the yellow triangle, two rules have the red shield (auto/emerging-policy.rules, auto/emerging-rbn.rules)

Rebooting the system has no effect.
Above-mentioned rules with red shield or yellow triangle, same effect.

Transparent proxy or non-transparent proxy, no effect.

Confirmed connection in the status | connections screen.  Connections are being made.



Title: Re: IPS not working - community release 2.4.1
Post by: madswitcher on Thursday 02 June 2011, 04:44:23 am
Happens on version 2.4.0 as well.  The Services tab says Snort is on, but the main system page says it's not.  Rebooting makes no difference and Snort won't start when forced.


Title: Re: IPS not working - community release 2.4.1
Post by: madswitcher on Friday 03 June 2011, 10:12:07 pm
Fixed by config save and reinstall to the tin.

3 months running time without a hitch so far ;D

Cheers
Mike


Title: Re: IPS not working - community release 2.4.1
Post by: madswitcher on Saturday 04 June 2011, 04:22:32 am
And then 3 hours later it does the same thing:
System page says it's not running,

Status page says it's not running

Services page says it's started after a rule load from the Snort site


Anyone got any comments or help?

Thanks

Mike