info ids rules and action

Started by abranca, November 25, 2020, 05:28:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 25, 2020, 05:28:03 PM
hello everyone,
I have a question about the IDS system.

I have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.

I took a sample of which I enclose screenshots:
rule ET COMPROMISED Known Compromised or Hostile Host Traffic group 218 set in drop mode and in the alert the action is "allowed".

shouldn't it be "blocked"?

thanks to all
November 25, 2020, 05:44:47 PM #1
Hi
QuoteI have activated IDS, not IPS because I am in pppoe, and enabled ET xxxx rules, all with drop mode. I receive alerts for these rules but instead of being blocked they are accepted.
that's the difference between IDS and IPS
November 28, 2020, 02:32:06 PM #2
Thank you for the clarification
Print
Go Up Pages1
User actions