This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Meaning of IPS rules and top attackers

Total newbie to firewalls here.

On the IPS dashboard where I see Top Blocked Attacks and Top Blocked Attackers I see things like 797 packets blocked due to rule 2466.

Then in the Top Blocked Attackers list, I see 10 PC's on my subnets.

How do I interpret the various undescribed rules? Does the internal attackers list mean that our PC's are engaged in risky behaviour?[:S]

This thread was automatically locked due to age.

Parents

0 Scott_Klassen over 18 years ago

You can get the list of IPS rules that Astaro uses here: http://www.astaro.com/lists/ . With that list you can lookup exactly what rule 2466 (or any other) is.

IPS is not an exact science and has as much to do with policy as it does with networking and is specific to the environment. While a particular Astaro IPS rule violation may be considered ignorable in some environments, in others it can lead to a RGE. What is listed in the graph are the number of violations by particular systems, based upon the rules included under the groupings you've chosen under Network Security>Intrusion Protection>Attack Patterns Tab.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Scott_Klassen over 18 years ago

You can get the list of IPS rules that Astaro uses here: http://www.astaro.com/lists/ . With that list you can lookup exactly what rule 2466 (or any other) is.

IPS is not an exact science and has as much to do with policy as it does with networking and is specific to the environment. While a particular Astaro IPS rule violation may be considered ignorable in some environments, in others it can lead to a RGE. What is listed in the graph are the number of violations by particular systems, based upon the rules included under the groupings you've chosen under Network Security>Intrusion Protection>Attack Patterns Tab.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data