Intrusion Prevention
Intrusion Prevention

threshold protocols values for ids with isg1000 - brute force alerts

09.11.09   |  
‎09-11-2009 08:42 AM

hi, :smileyhappy:

 

I cannot setup the protocols threshold with my ISG1000 with IDS Firewall.

I have a lot of: "HTTP:Brute Force Search" or "FTP: Brute Force Login Attempt" or "SMB: Brute Force Login"

when I put the threshold values very hight (like near 90 or 100 per minute) 

the ids is still alerting with thoses sign.

this seems very strange to me...

 

help please!

 

Xavier

2 REPLIES
Highlighted
Intrusion Prevention

Re: threshold protocols values for ids with isg1000 - brute force alerts

09.23.09   |  
‎09-23-2009 12:51 AM

Hi Xavier,

how are you configuring the protocol thresholds?

Did you try disabling it?

 

Let's get some more info to help you

 

Ciao Smiley Happy

Daniele

***Contributor at Router Freak blog***
Intrusion Prevention

Re: threshold protocols values for ids with isg1000 - brute force alerts

10.01.09   |  
‎10-01-2009 06:04 AM

hi Daniele

 

I configure via NSM :

Edit member / Security / IDP SM setting (see file attached)

for each protocol (like http/ftp/smb) I put the threshold value.

 

did you mean  disabling putting zero values ?

 

have a nice day

 

Xavier

 

 

Attachments