Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 2 subscribers
  • Views 2576 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Edit IPS

simby
Hi,

how can i quick see and edit all "Intrusion Protection is active with 7570 of 7735 patterns!!" IPS rules used in ASG V7 from the list
http://www.astaro.com/lists/ASGV7-IPS-rules.html


Wher it is this files. Can i edit by putty?

I see report:

An intrusion has been detected. The packet has *not* been dropped.
If you want to block packets like this one in the future, set the corresponding intrusion protection rule to "drop" in WebAdmin.
Be careful not to block legitimate traffic caused by false alerts though.

Details about the intrusion alert:

Message........: ICMP Destination Unreachable Communication Administratively Prohibited
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=485
Time...........: 2008:02:17-09:41:43
Packet dropped.: no
Priority.......: 3 (low)
Classification.: Misc activity
IP protocol....: 1 (ICMP)

Why this ping is not droped?


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to simby
    Look at the classification... you probably have that entire category in the webadmin set to alert only.  You can change that setting for the whole category ... as shown in the attached screenshot, or, for that particular rule, you can modify it under the Advanced tab, as shown in the other screen shot (the ID number of the rule in question is 485, as outlined in your email notification).  It's that easy.
Children