Do you recognize a good idea when you see one? We want to hear from you!
Header Image

I suggest you ...

Expose "Corporate Policy Violation" IPS rules via the Attack Pattern groups

Currently, there are many IPS rules in 9.x that do not seem to be exposed via the Attack Patterns page.

Many of them have following in their descriptions:
"Classification.: Potential Corporate Privacy Violation"

These include rules which block SKYPE, BitTorrent, etc.

ISTM that it doesn't make sense to have these hidden away, or even have them at all since we already have the Application Detection system.

links:
http://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/43598-pua-p2p-bittorrent-utp-peer-request-2.html#post215116

http://www.astaro.org/gateway-products/network-protection-firewall-nat-qos-ips/47541-ips-bittorrent-rules-id-disable.html

https://www.google.com/search?q=corporate+policy+violation+site%3Aastaro.org+ips+OR+snort

Please put these (and other hidden rules) into groups on the Attack Patterns page, and/or remove ones which are redundant with the application traffic classifier.

33 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    BGBG shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • SethSeth commented  ·   ·  Flag as inappropriate

        I do love the product but having 3 children each with a computer and 3 different gaming consoles it gets a bit cumbersome finding each of the rules I need to configure to let them play all their favourite games. Thanks again. Seth

      • Claus GratzlClaus Gratzl commented  ·   ·  Flag as inappropriate

        This behaviour is very annoying for us as as well. We would really appreciate a more powerful interface to control the IDS rules. The current interface is really not enterprise-grade for IT professionals, it looks more like the interace of a consumer product.

      Feedback and Knowledge Base