Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Low Severity issues on Intrusion Prevention
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Hello to All,

I have a problem with IPS/IDS protection with Low severity threats. I have enabled IPS and set Low Severity to Log and Drop

http://www.proxima.web.tr/pub/kerio/2015-05-18_094531.png

But I'm confused because although I did the correct settings FTP Brute-Force threats are still not dropped.

Is this a some kind of bug or not? Does anyone have any problem with IPS with Low Severity Threats?

Thank you.

http://www.proxima.web.tr/pub/kerio/2015-05-18_094558.png

  •  
Goran

Messages: 326
Karma: 5
Send a private message to this user
yes it is same for me (same settings), some low rules get drop some not, usually not...
U can go to ..../snor/rules/used.rules and edit rule no to alert but to drop

alert tcp $EXTERNAL_NET $HTTP_PORTS....

drop tcp $EXTERNAL_NET $HTTP_PORTS....


but after IPS update everything will go back

Question cannot be stupid, but some of the answers can.
  •  
KursadOlmez

Messages: 118
Karma: 3
Send a private message to this user
Thank you for the suggestion Goran. But changing config file everytime IPS database updated is not practical for me. So I changed FTP port to something else instead of 21.
Previous Topic: IP Address Groups tab not support WildCards expressions !! Kerio needs to fix & update
Next Topic: IPSec - Kerio & AWS
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Oct 18 07:39:05 CEST 2017

Total time taken to generate the page: 0.00387 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.