Hello everyone, I read on a few posts that this issue has been addressed before, but this was a while back (2013).
https://www.clearos.com/clearfoundation/social/community/intrusion-prevention-never-shows-blocked-ips
Is there any update on this?
I installed Clear OS Community 7 a few days ago.
My old 5.2 blocked (and logged) 10-20 IPs daily.
The new 7 hasn't blocked any offender; it seems unlikely that there were no attempts within a week.
Should I modify anything on the system after installing Intrusion Detection and Intrusion Prevention?
Both are running, of course.
Should I add any other apps?
Should I add some paid apps from the Marketplace?
Marcin
Responses (8)
Accepted Answer
Thanks for the response Dave. My ClearOS box is exposed to the Internet with a public IP and is operating in Gateway mode. Snort is detecting plenty of attacks, but SnortSam isn't doing anything about it.
Dave Loper wrote:
Does your ClearOS server have a public IP (not an RFC 1918 address)?
If it uses a private schema, a lot of common attacks will be conducted against your frontend router instead of your ClearOS server. You would only see activity typically on open ports or if your defenses on your ISP head-end router fail.
Also, make sure the services are running in the Prevention and Detection modules.
Accepted Answer
Does your ClearOS server have a public IP (not an RFC 1918 address)?
If it uses a private schema, a lot of common attacks will be conducted against your frontend router instead of your ClearOS server. You would only see activity typically on open ports or if your defenses on your ISP head-end router fail.
Also, make sure the services are running in the Prevention and Detection modules.
Accepted Answer
Peter Baldwin wrote:
Hi Marcin,
Please feel free to submit a support ticket if the IDS Signatures are not working. If your system is connected directly to the Internet, you should see at least a dozen IPs in the block list.
Thanks Peter, I just did that (post a ticket).
Definitely something is strange, because there is still nothing blocked, 36 hours after installing and restarting, of course.
Accepted Answer
Hi Marcin,
Please feel free to submit a support ticket if the IDS Signatures are not working. If your system is connected directly to the Internet, you should see at least a dozen IPs in the block list.
Accepted Answer
It's been 12 hours, and still there is nothing reported as blocked, despite installing the additional IDS Signatures.
https://firewallhost... /app/intrusion_protection_updates reports "Nothing to report" (in the Logs section on the bottom of the page)
while https://firewallhost... /app/intrusion_prevention reports: "No data available in table" (in the Blocked List on the bottom of the page).
In 5.2, as I wrote before, 10-20 IPs were being reported daily.