
Test IPS functional

deputycag:
I have been running IPS inline. Recently added the Snort VRT rules. How do you guys test to see if the IPS is blocking rules? I do not see anything in my alerts except the country blocking rules I have set up.

deputycag:
I have tried http://www.wicar.org/test-malware.html and tested CVE-2014-6332. These rules are enabled under emerging-exploit.rules and I do not see the alerts at all.

fabian:
The OPNsense test ruleset includes EICAR. If IPS is enabled on your LAN (not WAN), it should block the download.

deputycag:
That worked. Blocked. So why are the exploit rules for CVE-2014-6332 not blocking when they are enabled?

fabian:
Maybe you have not downloaded them or the rule does not match. Can't tell you from here.
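
Added example, not part of the thread and not OPNsense code: one way to check the first possibility raised above is to audit the rule text for the CVE and report, per rule, whether it is present, commented out, or set to an action that only logs. It assumes Suricata-style rule syntax with `reference:cve,...;` options; the sample rules, messages and SIDs are constructed placeholders, and `audit_cve` is a hypothetical helper name.

```python
import re

# Constructed sample rules (placeholder bodies and SIDs, not real ET/VRT rules).
SAMPLE_RULES = """\
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE exploit A"; reference:cve,2014-6332; sid:9000001; rev:1;)
# drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE exploit B"; reference:cve,2014-6332; sid:9000002; rev:1;)
drop http $EXTERNAL_NET any -> $HOME_NET any (msg:"EXAMPLE exploit C"; reference:cve,2014-6332; sid:9000003; rev:1;)
alert tcp any any -> any any (msg:"EXAMPLE unrelated"; reference:cve,2099-0001; sid:9000004; rev:1;)
"""

# A rule line: optional leading '#' (disabled), an action, a header, then (options).
RULE_RE = re.compile(
    r"^(?P<off>#\s*)?(?P<action>alert|drop|reject|pass)\s+[^(]*\((?P<opts>.*)\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def audit_cve(rules_text, cve):
    """Return one finding per rule that references `cve` (e.g. '2014-6332').

    An empty list means no rule for that CVE is in the text at all.
    """
    ref = re.compile(r"reference\s*:\s*cve\s*,\s*(?:CVE-)?" + re.escape(cve) + r"\s*;",
                     re.IGNORECASE)
    findings = []
    for line in rules_text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m or not ref.search(m.group("opts")):
            continue
        sid = SID_RE.search(m.group("opts"))
        enabled = m.group("off") is None
        action = m.group("action")
        if not enabled:
            verdict = "disabled: never evaluated"
        elif action in ("drop", "reject"):
            verdict = "blocks on match"
        else:
            verdict = "does not block on match (action=%s)" % action
        findings.append({"sid": int(sid.group(1)) if sid else None,
                         "enabled": enabled, "action": action, "verdict": verdict})
    return findings

if __name__ == "__main__":
    results = audit_cve(SAMPLE_RULES, "2014-6332")
    if not results:
        print("no rule references this CVE: ruleset not downloaded or not installed")
    for f in results:
        print("sid %(sid)s enabled=%(enabled)s action=%(action)s -> %(verdict)s" % f)
```

A rule that is present, enabled and set to `drop` but still produces no alert leaves the second possibility: the test traffic does not match the rule's conditions.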
