Re: ips does not detect attack

Aviv_Hassidim · ‎2018-06-27

Hi!

i have ips enbaled balde.

profile is configured to detect all microsoft cve's and attached to GW R 77.30.

i make an attack of ms17-10 with kali and i do not see any log in the log.

license is ok, ips is updated with the latest updates.

in the tracker i can see some ips logs but not the any logs of cve-2017-01...

what is the problem?

Thanks,

Aviv

PhoneBoy · ‎2018-06-27

Two questions:

Is it actually blocking the attack? If not, then we should probably investigate that independent of what's being logged.
Is it just logging something different? Keep in mind that some protections are generic, catching classes of exploits. A screenshot of the logs showing what's being matched will be helpful.

Aviv_Hassidim · ‎2018-06-27

Hi Dameon,

it is not blocking the attack.

i do not get any ips logs except log of ip fragments.

PhoneBoy · ‎2018-06-28

Note the protections are not in the Default IPS profile, but they are in the Recommended profile as Detect.

What IPS profile are you using on your gateway and are the relevant protections enabled in that profile?

Are you a member of CheckMates?