Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 2 subscribers
  • Views 2320 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPS block periods

NewImage
Is there a way to increase the ban time of an IP address when they set off the IPS? I have an IP trying to brute force a FTP server, but the IPS just disconnects the current session, leaving them able to just reconnect and try again.


This thread was automatically locked due to age.
Parents
  • 0
    Hi, 
    Astaro/UTM doesn't really do any time-based blocking, other than:
    1. failed webadmin (and maybe SSH) logins will trigger a temporary block, if that feature is enabled. IIRC, the time period is configurable.

    2. portscan detection will create a temporary block. I don't know how long it lasts, but afaik it is short.
    Anyways, make sure you have PSD enabled.

    Keep in mind that firewalls with lengthy blocking are subject to DOS attacks; spoofed UDP packets could be created to cause the firewall to block off ISPs or possibly the entire Internet (although most firewalls would probably run out of memory first).

    Barry
Reply
  • 0
    Hi, 
    Astaro/UTM doesn't really do any time-based blocking, other than:
    1. failed webadmin (and maybe SSH) logins will trigger a temporary block, if that feature is enabled. IIRC, the time period is configurable.

    2. portscan detection will create a temporary block. I don't know how long it lasts, but afaik it is short.
    Anyways, make sure you have PSD enabled.

    Keep in mind that firewalls with lengthy blocking are subject to DOS attacks; spoofed UDP packets could be created to cause the firewall to block off ISPs or possibly the entire Internet (although most firewalls would probably run out of memory first).

    Barry
Children
No Data