Intrusion Prevention
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
xavierp
Contributor
xavierp
Posts: 12
Registered: ‎06-17-2009
0

threshold protocols values for ids with isg1000 - brute force alerts

Options

‎09-11-2009 08:42 AM

hi, :smileyhappy:

 

I cannot setup the protocols threshold with my ISG1000 with IDS Firewall.

I have a lot of: "HTTP:Brute Force Search" or "FTP: Brute Force Login Attempt" or "SMB: Brute Force Login"

when I put the threshold values very hight (like near 90 or 100 per minute) 

the ids is still alerting with thoses sign.

this seems very strange to me...

 

help please!

 

Xavier

Message 1 of 3 (3,658 Views)
 
Reply
Recognized Expert Recognized Expert
Recognized Expert
Daniele
Posts: 164
Registered: ‎11-06-2007
0

Re: threshold protocols values for ids with isg1000 - brute force alerts

Options

‎09-23-2009 12:51 AM

Hi Xavier,

how are you configuring the protocol thresholds?

Did you try disabling it?

 

Let's get some more info to help you

 

Ciao :smileyhappy:

Daniele

***Contributor at Router Freak blog***
Message 2 of 3 (3,613 Views)
 
Reply
xavierp
Contributor
xavierp
Posts: 12
Registered: ‎06-17-2009
0

Re: threshold protocols values for ids with isg1000 - brute force alerts

Options

‎10-01-2009 06:04 AM

hi Daniele

 

I configure via NSM :

Edit member / Security / IDP SM setting (see file attached)

for each protocol (like http/ftp/smb) I put the threshold value.

 

did you mean  disabling putting zero values ?

 

have a nice day

 

Xavier

 

 

Attachment param.JPG ‏52 KB
Message 3 of 3 (3,574 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.