Results 1 to 5 of 5

Thread: IDS intrusion alerts from blocked IP

  1. #1

    Default IDS intrusion alerts from blocked IP

    I'm getting IDS intrusion alerts from an IP that I put in firewall blocked list.

    Is this a normal behavior?

  2. #2

    Default

    Hello!
    By default any new created rules(Block IP List,...) are disabled for safety reasons. Enable firewall and this rule.

  3. #3

    Default

    Firewall and block IP rule are both enabled.

    I'm running Q2x v.5.2.48
    I have probably over 100 blocked IPs in total including individual filters (blocked by SIP UA) and in manually maintained blocked IP group.

    I'm getting IDS intrusion alerts from an IP that is in enabled firewall block rule.

    Is this a normal behavior?
    Last edited by afuchs; 11-17-2011 at 05:51 PM.

  4. #4

    Default

    Hello!
    Thank you for your good question.
    The problem is that IDS chain is located higher than Blocked IP List in the IP Tables of Quadro.
    So, the incoming packets(attacks) do not reach the Blocked IP List rule.
    From user side this maybe not so expected behaviour, but this is the work of Quadro's IP Tables. Regardless of which rule blocks packets from unwanted sources you can be unworried about your Quadro security.
    Regards,
    Aram

  5. #5

    Default

    Thanks for explaining IP table priorities.

    It would be good if Alert check block table before it sends a false alarm.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Intrusion alert on FXO Gateway
    By sjanssen in forum Troubleshooting and Problems
    Replies: 2
    Last Post: 05-16-2011, 04:00 PM
  2. some internet sites seem blocked
    By paulk in forum Troubleshooting and Problems
    Replies: 5
    Last Post: 01-22-2009, 08:12 AM
  3. Quadro2x remote extension with port 5060 blocked?
    By person in forum Installation
    Replies: 3
    Last Post: 11-06-2008, 01:16 PM
  4. Caller ID Blocked calls Drop on Hold
    By us_noc in forum Troubleshooting and Problems
    Replies: 3
    Last Post: 11-28-2007, 07:41 PM
  5. Blocked UDP
    By lebenton in forum Troubleshooting and Problems
    Replies: 0
    Last Post: 08-17-2006, 10:52 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •