Project

General

Profile

Actions
Copy link

Feature #3768

closed

Snort IPS/IDS

Added by Slava Bendersky over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
07/21/2014
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Hello Everyone,
I would like ask add timer (in minutes) for blocked IP in snort.
That timer will drop the drop rule after mention amount of time in minutes.

This will allow minimize attempts block good traffic and false positive as well.

Example:
Where in webui check mark for "Checking this option will ....." add another small text box which will be possible specify for how long offender will be blocked in minutes.

Thank you in advance.

Actions
Copy link
 #1

Updated by Bill Meeks over 10 years ago

This feature already exists in the Snort package, but the setting is global and is located on the GLOBAL SETTINGS tab. Near the bottom of that page in the General Settings section is a drop-down selector for "Remove Blocked Hosts Interval". This settings controls a cron job which removes blocked IPs from the packet filter table.

So blocking the IP of offenders is enabled/disabled on a per-interface basis, but the clearing of blocked hosts interval is a global setting affecting all interfaces.

Actions
Copy link
 #2

Updated by Chris Buechler over 10 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF