Intrusion Prevention
Reply
Contributor
xavierp
Posts: 12
Registered: ‎06-17-2009
0

threshold protocols values for ids with isg1000 - brute force alerts

hi, :smileyhappy:

 

I cannot setup the protocols threshold with my ISG1000 with IDS Firewall.

I have a lot of: "HTTP:Brute Force Search" or "FTP: Brute Force Login Attempt" or "SMB: Brute Force Login"

when I put the threshold values very hight (like near 90 or 100 per minute) 

the ids is still alerting with thoses sign.

this seems very strange to me...

 

help please!

 

Xavier

Recognized Expert
Daniele
Posts: 164
Registered: ‎11-06-2007
0

Re: threshold protocols values for ids with isg1000 - brute force alerts

Hi Xavier,

how are you configuring the protocol thresholds?

Did you try disabling it?

 

Let's get some more info to help you

 

Ciao :smileyhappy:

Daniele

***Contributor at Router Freak blog***
Contributor
xavierp
Posts: 12
Registered: ‎06-17-2009
0

Re: threshold protocols values for ids with isg1000 - brute force alerts

hi Daniele

 

I configure via NSM :

Edit member / Security / IDP SM setting (see file attached)

for each protocol (like http/ftp/smb) I put the threshold value.

 

did you mean  disabling putting zero values ?

 

have a nice day

 

Xavier

 

 

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.