Security - Intrusion Prevention
Overview
Intrusion Prevention Information
| Description | An advanced intrusion prevention system. |
| Package Name | cc-snortsam |
| Configuration Page | Network > Security > Intrusion Prevention |
| Keywords | SnortSam, Intrusion Prevention |
The intrusion prevention system blocks suspected attackers from your system.
Services
New exploits are discovered every day. The intrusion detection software maintains and uses a list of 2000+ rules. You can receive automatic updates by subscribing to the Intrusion Detection Updates service.
Configuration
The Intrusion Prevention system displays a list of IP addresses that have been blocked due to inappropriate network traffic.
Description
The SID corresponds to the Intrusion Detection ID that triggered the block. This is a hyperlink that can be followed to reveal more information about the specific conditions that were matched.
Blocked IP
This is the IP address that triggered the block. If this IP address should not be blocked, you can add it to a "don't block" list by clicking on Whitelist under Action.
Date / Time
The date/time fields show when the block occurred.
Time Remaining
The remaining block time is listed last. The IP address will be unblocked when this reaches 0.
Action
A blocked host can be added to a Whitelist so it will not be blocked in the future. You can also remove a blocked host using Delete.
Whitelist
If there are IP addresses in your Whitelist, they will be listed below the Active Block List. You can delete an entry by choosing Delete under Action.
Troubleshooting
If you find the snortsam software taking a long time to start up on your system, make sure the DNS servers configured for your ClarkConnect system are working properly.