An Intrusion Prevention System (IPS) is a type of network security system that provides some level of proactive, automated defense against unauthorized access.
Questions tagged [ips]
50 questions
11
votes
1 answer
Snort is receiving traffic, but doesn't appear to be applying rules
I have Snort installed and running in inline mode via NFQUEUE on my local (as in I can walk in the next room and touch it) gateway. I have the following rule in my /etc/snort/rules/snort.rules:
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS…
Cliff Armstrong
7
votes
8 answers
What is the best Web Application Firewall for IIS?
What is the best Web Application Firewall (WAF) for IIS? What makes it better than the others? How useful is it at blocking attacks against poorly written code, otherwise known as an Intrusion Prevention System (IPS)?
WAFs are required by the…
Rook
5
votes
8 answers
File transfer problems through VPN when Cisco IPS is enabled
We have a Cisco ASA 5510 firewall with the IPS module installed.
We have a customer that we must connect to via VPN to their network to exchange files via FTP. We use the Cisco VPN client (version 5.0.01.0600) on our local workstations, which are…
Richard West
3
votes
1 answer
Solaris IPS: pkg dependency errors bear no relation to actual issue / how best to diagnose IPS dependency failures?
I am running Solaris 11.3 (at present from the non-contract Release repo). I have a large amount of Solaris 10 experience, but I am newer to 11 and am still working on getting confident with IPS.
My issue is that I regularly find I have severe…
TheBloke
3
votes
1 answer
Solaris 11.3 non-global zones not inheriting IPS facet changes (to version-lock)
I have a Solaris 11.3 system without (presently) a support contract. I am therefore using the IPS repository at http://pkg.oracle.com/solaris/release/, which I have now mirrored locally using pkgrecv.
I am using pkg change-facet to change…
TheBloke
3
votes
2 answers
Is there any real difference between Snort and Suricata?
Looking to move forward in deploying IDS/IPS on several FreeBSD firewalls and I was curious about the difference between Snort and Suricata. I know that Suricata is multi-threaded, but in terms of rule processing and otherwise how they work, is there any…
Jason
3
votes
1 answer
(network.c.379) can't bind to port: 80 Address already in use
I have one server running both apache and lighttpd on two separate IPs. After rebooting the server I can't access the stuff on lighttpd:
/etc/init.d/lighttpd restart
(network.c.379) can't bind to port: 80 Address already in use
chonko
3
votes
6 answers
How to manually download individual files from the OpenIndiana (or Solaris) pkg repo?
For a server in an offline environment, how would I download a package from http://pkg.openindiana.org/dev? (or the better known http://pkg.oracle.com)
There is an install link which downloads a p5i file, with machine readable download information,…
700 Software
3
votes
3 answers
Blocking Team Viewer
I'd like to block incoming TeamViewer connections to my network, but at the same time to allow outgoing TeamViewer connections.
So that users can't connect to their work PCs with TV (circumventing domain authentication) but at the same time could…
Hubert Kario
2
votes
0 answers
Suricata logs "A Network Trojan was detected". Is it a false positive?
I use Suricata as an IDS on the local network, which doesn't have internet. It logged a few alerts from some clients that said A Network Trojan was detected.
All of the log's properties are as follows:
Protocol: 006
Source: Client IP
Destination:…
AlirezaK
2
votes
1 answer
Cisco ASA vs. pfSense - How packet inspection works with VPNs
We have a small office; about 75% of our infrastructure is cloud-based, including a pfSense deployment we use for remote access and site-to-site connections, which is currently public facing. We've decided to deploy a Cisco ASA with Firepower support…
dcd018
2
votes
1 answer
Can Suricata be used as an effective IPS on a single server?
I've been looking for an effective intrusion prevention system (IPS) for an Ubuntu 14.04 server, something like what Symantec or F-Prot might offer for a Windows server. I've contacted major companies which say they support products for Ubuntu and…
Christopher Hinkle
2
votes
1 answer
fail2ban regex working but no action being taken
I have the following snippet of fail2ban configuration on Ubuntu 13.10 server:
#jail.conf
[apache-getphp]
enabled = true
port = http,https
filter = apache-getphp
action = iptables-multiport[name=apache-getphp, port="http,https",…
fpghost
2
votes
4 answers
Simple application level file integrity monitoring & Intrusion detection (IDS)
We've been searching for a simple file integrity monitoring solution on CentOS/Linux that will work on the application level. We are not looking for OS/network level IDS as OSSEC and the others do a pretty good job at that.
We have looked at…
Dev
2
votes
1 answer
Trying to figure out how to bridge two virtual networks together and in turn bridge that to the internet for a virtual inline IDS/IPS system
I'm trying to figure out how to bridge two VMware (server or workstation, workstation) or VirtualBox networks together with a Linux IDS/IPS system transparently inline between both the virtual networks. How do I accomplish this? I understand how to…
Tony robinson