IPS and Portscan

ok, just loaded 933 yesterday and noticed the following..

In the IPS, I selected my Internal Network and enabled IPS. Also enabled the Portscan detection.

I checked the log, and I get internal Hosts flagged for Intrusion and some even for Portscan.

I thought when you select your Internal network, that it would not check anything coming from the inside?? For now I added a custom exception and told it to ignore my internal network for all checks.. lets see what that does,..

Parents

0 RFCat_vk_01 over 17 years ago

Msan,
similarly, I have noticed the same issues as you.

Try enabling the p2p and IM menus. I then made all the p2p and im stuff "alert" status. Big mistake, every packet sent (I haven't checked direction 100%) causes a portscan report, so over about 3 hours I have over 130,000 portscans from 2 users. They are running edonkey, winny and msnmessenger.

Now if you don't put them in alert status you don't seem to get any summaries generated.
Anyway, I have put them all back to the "don't block" status.

Ian M[:)][:S][:S]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 RFCat_vk_01 over 17 years ago

Msan,
similarly, I have noticed the same issues as you.

Try enabling the p2p and IM menus. I then made all the p2p and im stuff "alert" status. Big mistake, every packet sent (I haven't checked direction 100%) causes a portscan report, so over about 3 hours I have over 130,000 portscans from 2 users. They are running edonkey, winny and msnmessenger.

Now if you don't put them in alert status you don't seem to get any summaries generated.
Anyway, I have put them all back to the "don't block" status.

Ian M[:)][:S][:S]
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data