09-11-2009 08:42 AM
I cannot setup the protocols threshold with my ISG1000 with IDS Firewall.
I have a lot of: "HTTP:Brute Force Search" or "FTP: Brute Force Login Attempt" or "SMB: Brute Force Login"
when I put the threshold values very hight (like near 90 or 100 per minute)
the ids is still alerting with thoses sign.
this seems very strange to me...
09-23-2009 12:51 AM
how are you configuring the protocol thresholds?
Did you try disabling it?
Let's get some more info to help you
10-01-2009 06:04 AM
I configure via NSM :
Edit member / Security / IDP SM setting (see file attached)
for each protocol (like http/ftp/smb) I put the threshold value.
did you mean disabling putting zero values ?
have a nice day