Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 2562 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Turning off a particular IDS Event

James Bourne
Hi all,

I'm getting this random IDS alarm:

MYSQL yaSSL SSLv2 Client Hello Message Challenge Buffer Overflow attempt

It's between my OpenFire server in the DMZ and our centralised DB server inside our network (port 3389).

There doesn't seem to be anywhere in Intrusion Protection -> Advanced -> Performance tuning to add a DMZ host of this type (ie. the OpenFire one). Or should I add the SQL server in there?

The IDS exceptions seem to be way too general. How can I say "between these two hosts turn off this SNORT IDS rule"?

TIA,

James


This thread was automatically locked due to age.
Parents
  • 0
    Hey, James,

    I think there's a feature request you can vote for that suggests that kind of granular exceptions in IPS, but I don't think you can do it today.  Did you already add the SQL server in 'Performance Tuning'?

    Cheers - Bob
Reply
  • 0
    Hey, James,

    I think there's a feature request you can vote for that suggests that kind of granular exceptions in IPS, but I don't think you can do it today.  Did you already add the SQL server in 'Performance Tuning'?

    Cheers - Bob
Children