Aviv_Hassidim
Explorer

IPS does not detect attack

Hi!

I have the IPS blade enabled.

The profile is configured to detect all Microsoft CVEs and is attached to GW R77.30.

I ran an MS17-10 attack with Kali and I do not see any log in the log.

The license is OK, and IPS is updated with the latest updates.

In the tracker I can see some IPS logs, but not any logs of CVE-2017-01...

What is the problem?

Thanks,

Aviv

3 Replies
PhoneBoy
Admin

Two questions:

  • Is it actually blocking the attack? If not, then we should probably investigate that independent of what's being logged.
  • Is it just logging something different? Keep in mind that some protections are generic, catching classes of exploits. A screenshot of the logs showing what's being matched will be helpful.
0 Kudos
Aviv_Hassidim
Explorer

Hi Dameon,

It is not blocking the attack.

I do not get any IPS logs except a log of IP fragments.

0 Kudos
PhoneBoy
Admin

Note the protections are not in the Default IPS profile, but they are in the Recommended profile as Detect.

What IPS profile are you using on your gateway and are the relevant protections enabled in that profile?

0 Kudos
