Topic: Test IPS functional (Read 15552 times)
deputycag (Newbie), November 30, 2017, 01:56:20 pm:
I have been running IPS inline. Recently added the Snort VRT rules. How do you guys test to see if the IPS is blocking rules? I do not see anything in my alerts except the country blocking rules I have set up.

deputycag (Newbie), Reply #1, November 30, 2017, 02:28:21 pm:
I have tried http://www.wicar.org/test-malware.html and tested CVE-2014-6332. These rules are enabled under emerging-exploit.rules and I do not see the alerts at all.

fabian (Hero Member; OPNsense Contributor: Language, VPN, Proxy, etc.), Reply #2, November 30, 2017, 05:04:33 pm:
The OPNsense test ruleset includes EICAR. If IPS is enabled on your LAN (not WAN), it should block the download.

deputycag (Newbie), Reply #3, November 30, 2017, 05:16:55 pm:
That worked. Blocked. So why are the exploit rules for CVE-2014-6332 not blocking when they are enabled?

fabian (Hero Member; OPNsense Contributor: Language, VPN, Proxy, etc.), Reply #4, November 30, 2017, 05:43:38 pm:
Maybe you have not downloaded them or the rule does not match. Can't tell you from here.

deputycag (Newbie), Reply #5, November 30, 2017, 05:51:56 pm:
It downloads because my local virus scanner finds it on the desktop. So it's passing the firewall.

franco (Administrator, Hero Member), Reply #6, December 02, 2017, 03:40:14 pm:
You need to tell us more about your setup, specifically your WAN and LAN subnets and how you configured HOME_NET in the intrusion detection (if any).
Cheers,
Franco
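
Why the HOME_NET question above matters, as an added example that is not part of the thread and not OPNsense code. It assumes Suricata-style rule headers and the Suricata default of EXTERNAL_NET = !$HOME_NET; the two rule headers, the addresses and the subnets are constructed and are not the actual test-ruleset or emerging-exploit rules.

```python
import ipaddress

def addr_matches(ip, token, home_net):
    """Check one address against a rule-header token, resolving variables."""
    if token == "any":
        return True
    addr = ipaddress.ip_address(ip)
    in_home = any(addr in ipaddress.ip_network(n) for n in home_net)
    if token == "$HOME_NET":
        return in_home
    if token == "$EXTERNAL_NET":   # assumption: default EXTERNAL_NET = !$HOME_NET
        return not in_home
    return addr in ipaddress.ip_network(token)

def header_matches(header, src, dst, home_net):
    """header: 'action proto src sport direction dst dport'; ports are ignored."""
    _action, _proto, r_src, _sport, direction, r_dst, _dport = header.split()
    fwd = addr_matches(src, r_src, home_net) and addr_matches(dst, r_dst, home_net)
    rev = addr_matches(dst, r_src, home_net) and addr_matches(src, r_dst, home_net)
    return fwd or (direction == "<>" and rev)

# Constructed rule headers (hypothetical, for illustration only).
RULES = {
    "no-variables": "drop http any any -> any any",
    "uses-variables": "drop http $EXTERNAL_NET any -> $HOME_NET any",
}
# Constructed flow: an Internet web server answering a LAN client.
SERVER, CLIENT = "203.0.113.10", "192.168.1.50"

def evaluate(home_net):
    """Which constructed headers can match the server -> client response?"""
    return {name: header_matches(h, SERVER, CLIENT, home_net)
            for name, h in RULES.items()}

if __name__ == "__main__":
    for label, home in [("HOME_NET covers the LAN", ["192.168.1.0/24"]),
                        ("HOME_NET misses the LAN", ["10.0.0.0/8"])]:
        print(label, evaluate(home))
```

When HOME_NET does not contain the client's subnet, the variable-based header cannot match this flow while the any/any header still does, which is one way a test rule can fire while another enabled rule stays silent.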