Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
batmunkh_unubuk
Contributor

any sources scanning and attack to my network

any sources scanning and attack to my network.  they are always replacing source address.  how can i block or prevent for them? 

i want below 2 ways prevention. 

1. if first time detect any infect source ip then i will automatically block 1 hour or 24 hours

2. i want block or prevent for risk level. 

3 Replies
PhoneBoy
Admin
Admin

Presumably you could write a script to watch logs and/or use triggers in SmartEvent to do this, depending on your definition of an "attack."

However, this could be especially problematic for non-TCP traffic, as that's trivial to spoof and could open yourself up to a denial of service.

batmunkh_unubuk
Contributor

for example my ips critical signatures first time detected then after can i block this detected source by schedule? is it possible? plese see below picture right?

0 Kudos
PhoneBoy
Admin
Admin

You can make the automatic reaction in this case a script that executes fw samp to block the IP address.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events