This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to get details on 2 attacks blocked : rule 32488

Hi,

I had 2 attacks blocked, it is a bummer that I can't drill down on the actual text, but I found more detail in the "Network Protection" menu under "IPS: Top Blocked Attacks"

I can figure out the host inside that tried to send the packet out

I can figure out the two hosts that my internal machine tried to talk to

I can see the rule.

I cannot see:

1) the captured packet of what the payload was

2) I cannot see the time this event took place

3) I cannot see what the definition of the rule is to find out if this is a false positive.

Thanks,

Joe

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 9 years ago

Very busy indeed. Those users who are using UTM will need extremely beefy hardware for those speeds. One of the big drawbacks with Snort for IPS is that it is single-threaded currently, which can create significant latency if the processing queue gets backup up.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 9 years ago

Very busy indeed. Those users who are using UTM will need extremely beefy hardware for those speeds. One of the big drawbacks with Snort for IPS is that it is single-threaded currently, which can create significant latency if the processing queue gets backup up.

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data