Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 2 subscribers
  • Views 2300 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[8.201][solved]IPS seems not to block

wingman
Hi All

I just got a notification for a packet that was supposed to be dropped as per my config (pic attached) by the IPS but instead I just got an alert. I am using version 8.201

2011:08:17-09:15:13 stuffman snort[8411]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="alert" reason="SPECIFIC-THREATS LANDesk Management Suite Alerting Service buffer overflow" group="500" srcip="192.168.*.***" dstip="192.168.**.**" proto="17" srcport="53" dstport="65535" sid="17567" class="Attempted Administrator Privilege Gain" priority="1"  generator="1" msgid="0"


The rule belongs to the malware group which I am blocking as per pic 

Any thoughts?

Thanks


This thread was automatically locked due to age.
Parents
  • 0
    Albeck and James, I suspect that you'd see why this is not a good idea after turning on a bunch of rules that are normally just additional warnings.

    Wingman, this is an opportunity to learn the old English expression "hoist on his own petard" [[[:D]]][[[:D]]][[[:D]]]



    Cheers - Bob
Reply
  • 0
    Albeck and James, I suspect that you'd see why this is not a good idea after turning on a bunch of rules that are normally just additional warnings.

    Wingman, this is an opportunity to learn the old English expression "hoist on his own petard" [[[:D]]][[[:D]]][[[:D]]]



    Cheers - Bob
Children
  • 0 in reply to BAlfson

    Wingman, this is an opportunity to learn the old English expression "hoist on his own petard" [[[[:D]]]][[[[:D]]]]:

    In the south where I live, I believe they would use it in a sentence like this... If that somebeach doesn't listen the next time, weer gonna hoist him on his own petard... yes sir[[[[:D]]]][[[[:D]]]]