Results 1 to 5 of 5
  1. #1
    Untanglit
    Join Date
    Aug 2018
    Posts
    25

    Default Newbie Question:what are these events?

    I am relatively new to Untangle and decided to turn on Intrusion protection to see what is does exactly.
    (since it remained a bit 'mystical' from the available documentation)

    I am running Untangle as router/gateway behind an ISP provided modem (so yes... double NAT … I know).
    Now I am getting hundreds of events per day (categorized as below)

    Intrusion.JPG

    What could these events be considering Untangle is behind a router?
    They seem to come from all sorts of internal devices. Should I be worried?

    And does it make sense to use Intrusion protecion at all in my situation?

  2. #2
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    557

    Default

    The IPS app is very hands on and has a learning curve. Unless you have port forwards, the almost unanimous consensus here is that the IPS app is bringing you no benefit, especially in your case.

    In any case, the local network will create a large volume of detection noise—false positives—through normal behavior. (Part of the learning curve is being able to separate the wheat from the chaff through reading the reports.) What you’re seeing is almost certainly generated internally and nothing to worry about.

  3. #3
    Master Untangler
    Join Date
    May 2008
    Posts
    772

    Default

    It is supposedly going to be changed completely in the next version. So not much point learning it now.

  4. #4
    Master Untangler
    Join Date
    Feb 2016
    Location
    Michigan
    Posts
    557

    Default

    True in a sense. Understanding how rule/signature-based false detections work might still apply. I guess time will tell.

  5. #5
    Untanglit
    Join Date
    Aug 2018
    Posts
    25

    Default

    Ok tnx!
    I’ll turn it off for now.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2