Questions tagged [ips]

An Intrusion Prevention System (IPS) is a type of network security system that provides some level of proactive, automated defense against unauthorized access.

49 questions
2 votes, 1 answer

iptables traffic redirection for multiple public ips

On my Linux machine I have: - one physical interface eth0 with the public IP x.x.x.x - one logical interface eth0:0 with the public IP t.t.t.t - BIND DNS listening on t.t.t.t. If I ping t.t.t.t from any other place, it responds back, so that's…
w00t
1 vote, 1 answer

IPS for web application in Kubernetes

We have an application hosted in Azure under Kubernetes. In a security compliance document shared with us, there are multiple points mentioning the implementation of an IPS (Intrusion Prevention System). I understand the features and security…
1 vote, 1 answer

Snort not sniffing any traffic except its own

I'm currently trying to set up Snort on my local machine. At the moment I have 3 VMs: 1 with Snort on it and 2 used to ping each other. Whenever I ping from one of the devices to the Snort machine, Snort notices it and sends an alert. However, when…
1 vote, 1 answer

Intrusion Detection/Prevention in AWS

On a normal server, I would have fail2ban handle intrusion detection; how would I go about setting up IDS/IPS on AWS? Any help or pointers would be appreciated.
Cenoc
1 vote, 1 answer

I can access HTTP and HTTPS on the server, but can't ping the server behind a SonicWall TZ500

I am not sure if this is possible or not. I have set up some web servers and FTP servers that are statically NATted behind a SonicWall TZ500. I can access all via FTP, HTTP, HTTPS. I have included ping in the access & NAT rules, but the servers…
user202243
1 vote, 1 answer

Stateful Signatures in an IPS

I am researching in-line IPS devices and their signatures both stateful and stateless. The test network I am looking to implement the IPS in has asymmetric traffic so stateful inspection would be nearly impossible. What percentage of threats can…
1 vote, 2 answers

Adding a host to Cisco IPS Never Block List

We are running a Cisco ASA 5510 with the IPS module. We have an internal server that is performing a lot of SNMP discovery scans and is being blocked and shut down by the IPS. Since I'm in control of this server, and this is an expected behaviour, I…
Richard West
1 vote, 1 answer

Cisco ASA 5510 w/ AIP SSM - Can it inspect SSL traffic?

Is it possible for an AIP module within a Cisco ASA 5510 to decrypt and inspect SSL traffic? I have asked my local vendor (who placed the devices of which I speak) and they say that the AIP module is incapable of reviewing encrypted content. I work…
moniker
1 vote, 2 answers

Web server hosting infrastructure, does IPS help?

I am working on setting up new networking for a datacenter hosting a web site. We have the following topology: Internet -> Firewall1 -> ReverseProxy (for security) -> Web Server -> Firewall2 -> Database. The firewall is Linux iptables, hardened. We do not have any…
mamu
1 vote, 1 answer

Unable to get Honeynet Snort Inline Toolkit

I have to deploy a Snort-based intrusion prevention system. I am a total newbie in this, so any kind of help or references for starters would be highly appreciated. Also, the Snort documentation talks about the Honeynet Snort Inline Toolkit, but the available…
Ashish Sharma
1 vote, 3 answers

Does it make sense to augment WAF (Web Application Firewall) with an IPS (Intrusion Prevention System)?

Following scenario: web application, only HTTP/S traffic; firewall in place to only allow traffic on port 80/443 in; WAF is in place, set to deny malicious traffic. Question: Is there any added value in this scenario to also have an IPS / Deep…
1 vote, 0 answers

Application role in preventing DDOS

I have an application that is being planned to be exposed to internet clients via a reverse proxy deployed in the DMZ. I have recommended that the deployments use WAF/Cloudflare along with this to secure the application. However, I am not sure how…
1 vote, 0 answers

Suricata-update doesn't apply modify rules consistently

I have the following /etc/suricata/modify.conf file: ## Reject by classtype re:classtype:\s*attempted-user "alert(.*)" "reject\\1" # high Attempted User Privilege Gain re:classtype:\s*unsuccessful-user …
Cliff Armstrong
0 votes, 0 answers

Use Snort 2.9 rules for Snort 2.8.6

Unfortunately, Snort hasn't released rule updates for 2.8.6 since 2017. All customers should upgrade to 2.9. But 2.9 is X64 and my OS is Fedora X86. I need to update my Snort 2.8.6 signatures. Is there any source to get updates, or any solution that converts…
0 votes, 1 answer

Is it a good idea to point two DNS hosts over four servers

I'm trying to add two more DNS servers to our pool to have more reliability under load and avoid losing visitors due to attacks or hardware issues. Since we have many websites set up to point at ns1.domain.com and ns2.domain.com, I've been wondering…
kuteninja