
IPS Not detecting anything

Hello all. 
I installed UTM 9 (Home Edition) about 6 months ago and I have IPS enabled with the default attack patterns, Anti-DDoS and Anti-Portscan.

The Internal network is in my Local Network on the first tab (Global). IPS never detected anything, do I have to do something else ?

Thank you for your help.


This thread was automatically locked due to age.
  • Thank you for your response. 
    I doubt no attacks are being done on the network....
    The dashboard, daily or weekly reports always show 0 IPS detected, but the live log has the following:

    2015:03:05-11:40:47 mcbf ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="64.254.24.110" dstip="xx.***.x.***" proto="17" length="1376" tos="0x00" prec="0x00" ttl="51" srcport="4500" dstport="64118"
    2015:03:05-11:40:47 mcbf ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="64.254.24.110" dstip="xx.***.x.***" proto="17" length="1376" tos="0x00" prec="0x00" ttl="51" srcport="4500" dstport="64118"
    2015:03:05-11:40:47 mcbf ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="64.254.24.110" dstip="xx.***.x.***" proto="17" length="1376" tos="0x00" prec="0x00" ttl="51" srcport="4500" dstport="64118"
    2015:03:05-11:40:47 mcbf ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="xx:xx:xx:xx:xx:xx" dstmac="xx:xx:xx:xx:xx:xx" srcip="64.254.24.110" dstip="xx.***.x.***" proto="17" length="1376" tos="0x00" prec="0x00" ttl="51" srcport="4500" dstport="64118"

    and a lot more...
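
Added example, not part of the original thread: a small Python parser for the key="value" log format shown in the post above, tallying sub="ips" events by name and source so the live log can be compared with the count the dashboard reports. The sample lines, hostname and addresses are constructed, and the function names are illustrative.

```python
import re
from datetime import datetime

# Constructed sample in the format shown in the post (documentation-range addresses).
SAMPLE_LOG = '''\
2015:03:05-11:40:47 fw ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.5" proto="17" srcport="4500" dstport="64118"
2015:03:05-11:40:47 fw ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.5" proto="17" srcport="4500" dstport="64118"
2015:03:05-11:40:52 fw ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcip="198.51.100.7" dstip="203.0.113.5" proto="17" srcport="4500" dstport="64118"
2015:03:05-11:41:10 fw ulogd[4469]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcip="198.51.100.99" dstip="203.0.113.5" proto="17" srcport="53" dstport="40000"
2015:03:05-11:41:12 fw ulogd[4469]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" initf="eth1" srcip="198.51.100.9" dstip="203.0.113.5" proto="6"
this line is truncated or not in the expected format
'''

LINE_RE = re.compile(r'^(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) (\S+) ([\w-]+)\[\d+\]: (.*)$')
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one log line plus its timestamp, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group(4)))
    fields["ts"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    fields["daemon"] = m.group(3)
    return fields

def summarize_ips(text):
    """Group sub="ips" events by (name, srcip): count, first and last time seen."""
    summary = {}
    for line in text.splitlines():
        ev = parse_line(line)
        if ev is None or ev.get("sub") != "ips":
            continue  # skip unparseable lines and other subsystems
        key = (ev.get("name", "?"), ev.get("srcip", "?"))
        entry = summary.setdefault(key, {"count": 0, "first": ev["ts"], "last": ev["ts"]})
        entry["count"] += 1
        entry["first"] = min(entry["first"], ev["ts"])
        entry["last"] = max(entry["last"], ev["ts"])
    return summary

if __name__ == "__main__":
    rows = sorted(summarize_ips(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["count"])
    for (name, src), e in rows:
        print(f'{e["count"]:>5}  {name}  src={src}  {e["first"]} .. {e["last"]}')
```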