  1. #1
    Master Untangler scot1967
    Join Date
    Jan 2008
    Posts
    293

    Attack Blocker (What is it Blocking?)

    I have made this suggestion before I think but it may not have generated enough interest in the community to be implemented.

    I think it would be great to see a more detailed Attack Blocker report. I would like to see what the attack blocker is blocking. Just a list of ports and IP addresses would be great. Can it be done?

    I'll post this out on the networking forum with a poll to see if anyone else agrees.

    Thanks for a great product!
    PCMonk
    Keeping the network safe one obsessive compulsive quirk at a time.

  2. #2
    Newbie
    Join Date
    Jun 2009
    Posts
    13

    Seconded.

  3. #3
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,058

    It shows some internal IPs with a rating for them. What is the rating? What caused the rating? Missing a lot of info.

    Lannie

  4. #4
    Newbie
    Join Date
    Jun 2009
    Posts
    13

    ::bump::

  5. #5
    GAD
    Newbie
    Join Date
    Jun 2009
    Posts
    2

    I'd have to agree. This is a real weakness in the reporting in many of the modules. Something as simple as:

    00:00:15 192.168.5.5 Blocked [ping flood] attack would be HUGE.

    Telling me that something was blocked doesn't help me at all without any detail. If I have an infected machine inside, I'd like to have a clue as to what is going on.

    Might as well have a firewall that says "Network attacks defeated - all secure".

    GAD

  6. #6
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    The attack blocker's largest job is to keep your internal clients within the 10k session limit imposed by the Linux kernel.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Untangle Ninja
    Join Date
    Jan 2009
    Posts
    1,186

    I ran across UT when looking into throwing some IDSs together for a couple of clients. It looked like an interesting package and it supposedly included IDS/IPS. After throwing one in behind an EVDO gateway I quickly came to the impression that the developers were patting me on the head and saying: "there, there young man, we've taken care of everything, don't worry your pretty little head......"

    It's kinda ridiculous that I get far more useful information from the SPI FW logs on the EVDO gateway in front of the UT, in realtime, than we'll ever see from the UT box, like the directed port probe from a Chinese university IP range last week.

    The fact that the attack blocker interferes with a company owner's PC because he's on YouTube and the NIS09 decides to update is ridiculous. It's ridiculous because he's nowhere near the session limit, and I have no background info to fix it, other than to raise his IP to router level, which is a ridiculous fix.

    UT is a great package, that's why mine are still in play currently, but it's like it was built for the home user and marketed to the SMB.

    I have more on my plate than IT, so I expect stuff to work in a relatively conventional manner, and I, like most small business players, have neither the time nor resources to screw around with stuff that works like magic but doesn't really output the expected results.

    I'm currently putting stuff together that will tell me what's going on in the network, in a timely fashion, because that's what business needs, and when I'm done, I may very well be using the boxes I built for UT for these other solutions......

  8. #8
    Untangle Ninja
    Join Date
    Jul 2008
    Posts
    1,058

    UT is a great product but it does lack a lot of live realtime monitoring information. I hope this is something they will be trying to fix. Not add or update, fix.

    Lannie

  9. #9
    Untangler
    Join Date
    Jan 2009
    Posts
    31

    Originally posted by lschafroth:
    "UT is a great product but it does lack a lot of live realtime monitoring information."
    Very true...
    This is a major requirement in my organization....

  10. #10
    Untangler
    Join Date
    May 2009
    Posts
    43

    Agree completely. The Attack Blocker is either mislabeled or retarded or more likely, both.

    Not sure WTF it is doing, but pretty sure it's not blocking any "attacks".
