This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS alerts from blocked address

Over the last couple of days, I've seen a sudden burst of IPS alerts from two particular IP addresses. While I have confidence in the IPS, I also see no reason to allow these sites continued access to anything I host, so I've placed them in my "Known Offenders" group which is rejected by Rule #1 on my firewall. However, I'm still getting IPS alerts from these jerks.

Am I correct in assuming that incoming traffic goes through the IPS before it hits the firewall? That seems backwards to me, but perhaps someone can suggest why it would be that way.

This thread was automatically locked due to age.

Parents

0 JonEtkins over 14 years ago

Good idea, Bob. I've created an IPS exception using the same "Known Offenders" group I use in my "Known Offenders" --> Any --> Any --> "Reject and Log" PF rule #1 - now to sit back and see if it does the trick.

I'd still like to see selective alert filtering so I would get alerted if these miscreants subsequently start trying other attacks, but this will do for now.

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 JonEtkins over 14 years ago

Good idea, Bob. I've created an IPS exception using the same "Known Offenders" group I use in my "Known Offenders" --> Any --> Any --> "Reject and Log" PF rule #1 - now to sit back and see if it does the trick.

I'd still like to see selective alert filtering so I would get alerted if these miscreants subsequently start trying other attacks, but this will do for now.

Thanks.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data