Quote from: someone on June 08, 2024, 11:19:53 PM
Hello Exion
My rules are enabled and applied, and it says alert.
I set up a policy for all rules, whether alert or drop, to be dropped and applied them, but it allowed someone to ssh into my tcp port 443. A rule caught it, 2001984, but allowed it. Where does "allowed" come from? It says that in the Suricata logs; I didn't see it as an option, and it's not set up that way. Pulled up the rule and it said alert; changed that one rule to drop, it's the only drop rule. All the other rules are to drop under rule policy, even though they say alert. Anyone know how to fix this not-dropping behavior? It was working, as it caught 15 bad DNS queries directed to a .biz server. It was running behind an ISP router, which they hijacked and which is now destroyed. They broke the firmware. MITM attack. But OPNsense is running on its own now and has problems.