IPS block periods

Is there a way to increase the ban time of an IP address when they set off the IPS? I have an IP trying to brute force an FTP server, but the IPS just disconnects the current session, leaving them able to just reconnect and try again.

  • 2013:05:01-17:15:59 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="55500" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
    2013:05:01-17:16:07 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="57128" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
    2013:05:01-17:16:15 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="58614" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
    2013:05:01-17:16:22 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="60150" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
    2013:05:01-17:16:30 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="33410" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
    2013:05:01-17:16:36 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="34952" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
    2013:05:01-17:16:44 keywest snort[16794]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert" action="drop" reason="APP-DETECT failed FTP login attempt" group="242" srcip="192.168.1.2" dstip="176.31.184.48" proto="6" srcport="21" dstport="36480" sid="13360" class="Misc activity" priority="3"  generator="1" msgid="0"
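
Added example (not part of the original thread, and not the product's own feature): a sketch that reads alerts in the log format above and reports which remote client crossed a repeat-alert threshold, as input for a longer block. The threshold, the window, the function names and the second client 203.0.113.9 are assumptions; the sample lines are constructed from the thread's values.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

FIELD = re.compile(r'(\w+)="([^"]*)"')
# Constructed sample: the thread's log format, trimmed to the fields used below.
TEMPLATE = ('2013:05:01-{t} keywest snort[16794]: id="2101" sub="ips" action="drop" '
            'reason="APP-DETECT failed FTP login attempt" srcip="192.168.1.2" '
            'dstip="{dst}" srcport="21" dstport="{dp}" sid="13360"')

def sample_lines():
    """The thread's seven alert times plus two alerts for a constructed second client."""
    times = ["17:15:59", "17:16:07", "17:16:15", "17:16:22",
             "17:16:30", "17:16:36", "17:16:44"]
    lines = [TEMPLATE.format(t=t, dst="176.31.184.48", dp=55500 + i)
             for i, t in enumerate(times)]
    lines += [TEMPLATE.format(t=t, dst="203.0.113.9", dp=40000)
              for t in ("17:16:01", "17:18:40")]
    return sorted(lines)  # the timestamp prefix sorts chronologically

def parse(line):
    """Split one alert line into its key="value" fields plus a parsed timestamp."""
    stamp, _, rest = line.partition(" ")
    event = dict(FIELD.findall(rest))
    event["time"] = datetime.strptime(stamp, "%Y:%m:%d-%H:%M:%S")
    return event

def remote_client(event, service_port="21"):
    # In the thread's alerts srcport is 21: the packet came from the FTP server,
    # so the address to act on is dstip, not srcip.
    return event["dstip"] if event["srcport"] == service_port else event["srcip"]

def ban_candidates(lines, threshold=5, window=timedelta(minutes=1)):
    """Map each client IP to the time it reached `threshold` alerts within `window`."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        if 'sub="ips"' not in line:
            continue
        event = parse(line)
        if event.get("sid") != "13360":
            continue
        ip = remote_client(event)
        seen = recent[ip]
        seen.append(event["time"])
        while event["time"] - seen[0] > window:
            seen.popleft()  # forget alerts that fell out of the window
        if len(seen) >= threshold:
            bans.setdefault(ip, event["time"])
    return bans

if __name__ == "__main__":
    for ip, when in ban_candidates(sample_lines()).items():
        print(f"{ip} reached the threshold at {when:%H:%M:%S}")
```

Keying on srcip alone would flag 192.168.1.2, the FTP server itself, which is why the direction check comes before counting.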