cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

ips does not detect attack

Hi!

i have ips enbaled balde.

profile is configured to detect all microsoft cve's and attached to GW R 77.30.

i make an attack of ms17-10 with kali and i do not see any log in the log.

license is ok, ips is updated with the latest updates.

in the tracker i can see some ips logs but not the any logs of cve-2017-01...

what is the problem?

Thanks,

Aviv

3 Replies
Admin
Admin

Re: ips does not detect attack

Two questions:

  • Is it actually blocking the attack? If not, then we should probably investigate that independent of what's being logged.
  • Is it just logging something different? Keep in mind that some protections are generic, catching classes of exploits. A screenshot of the logs showing what's being matched will be helpful.
0 Kudos

Re: ips does not detect attack

Hi Dameon,

it is not blocking the attack.

i do not get any ips logs except  log of ip fragments.

0 Kudos
Admin
Admin

Re: ips does not detect attack

Note the protections are not in the Default IPS profile, but they are in the Recommended profile as Detect.

What IPS profile are you using on your gateway and are the relevant protections enabled in that profile?

0 Kudos