ASG 220 with 7.201.
A particular IP address has been generating a lot of port scan and intrusion alerts (Message........: WEB-IIS iisadmin access)
It's filling up my inbox so I thought I would just drop all packets from that IP with a pf rule (Source the ip, service, any, destination, internal network) but I am still getting periodic floods of alerts.
Whats the best approach to these issues anyway?
This thread was automatically locked due to age.
