CastleCops, Internet Crime Fighters

NIPS log

 
orange2

Cadet

Joined: Sep 30, 2006
Posts: 5
Location: UK

Posted: Tue Oct 31, 2006 9:10 pm    Post subject: NIPS log

I'm presently running a trial version of KPF v.4 and trying to get to understand it.
I've just noticed, having read the post by StarStuff recently, that there is a NIPS entry:
Description - BAD-TRAFFIC tcpport0traffic
Source of attack - adsl-84-226-159-138.adslplus.ch
Action - permitted
Can somebody explain what on earth all that means!
If it was actually "bad" traffic why was it permitted?

Graham1

Captain

Joined: Dec 21, 2005
Posts: 340

Posted: Tue Oct 31, 2006 9:47 pm    Post subject: Re: NIPS log

orange2 wrote:
Can somebody explain what on earth all that means!


See link below:-
http://www.snort.org/pub-bin/sigs.cgi?sid=524

Quote:
If it was actually "bad" traffic why was it permitted?


Check your nips settings (intrusion module). By default, SKPF4 permits low intrusions. You can change to deny but if this causes any problems, you can always change back again.

Smile

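The two points in the reply above (what a "tcp port 0" entry refers to, and why a low-priority hit is logged but still permitted) can be seen in this added example, which is not part of the original thread and is not SKPF4 or Snort code. The policy dictionary, the function names, the "low" priority given to this signature and the choice to flag either port are assumptions made for illustration; the packets are constructed samples.

```python
import struct

# Assumed policy shape (not SKPF4's real config format): priority -> action.
# Per the thread, low-priority intrusions are permitted by default.
DEFAULT_POLICY = {"high": "deny", "medium": "deny", "low": "permit"}


def tcp_ports(packet: bytes):
    """Return (src_port, dst_port) of an IPv4/TCP packet, or None if it is not one."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 4:
        return None                      # bad IHL, not TCP, or ports truncated
    return struct.unpack_from("!HH", packet, ihl)


def nips_entry(packet: bytes, policy=DEFAULT_POLICY):
    """Build a log entry when either TCP port is 0 (a port no real service uses)."""
    ports = tcp_ports(packet)
    if ports is None or 0 not in ports:
        return None
    return {
        "description": "BAD-TRAFFIC tcpport0traffic",   # text as shown in the post
        "source": ".".join(str(b) for b in packet[12:16]),
        "action": policy["low"],          # assumed: this signature is low priority
    }


def sample_packet(sport: int, dport: int, proto: int = 6) -> bytes:
    """Constructed 40-byte IPv4 packet (checksums left at 0, not validated here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([203, 0, 113, 7]), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    print(nips_entry(sample_packet(40000, 0)))                    # default policy
    print(nips_entry(sample_packet(40000, 0), {"low": "deny"}))   # after the change
    print(nips_entry(sample_packet(40000, 80)))                   # ordinary traffic
```
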
orange2

Cadet

Joined: Sep 30, 2006
Posts: 5
Location: UK

Posted: Tue Oct 31, 2006 9:56 pm

Thanks Graham1.
You led me into another tab which I hadn't previously investigated.
Also had a look at that website. To a newbie like me it's frightening!

Graham1

Captain

Joined: Dec 21, 2005
Posts: 340

Posted: Tue Oct 31, 2006 10:11 pm

orange2 wrote:
Also had a look at that website. To a newbie like me it's frightening!


As long as you set up SKPF4 correctly, you shouldn't have anything to worry about.

Smile

orange2

Cadet

Joined: Sep 30, 2006
Posts: 5
Location: UK

Posted: Tue Oct 31, 2006 10:31 pm

Graham1, it's getting the firewall set up properly that's worrying me!

Graham1

Captain

Joined: Dec 21, 2005
Posts: 340

Posted: Tue Oct 31, 2006 11:59 pm

orange2 wrote:
Graham1, it's getting the firewall set up properly that's worrying me!


Laughing. Any problems, post back.

Smile

All times are GMT