SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2020-02-19 07:04 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0003850 | Endian Firewall | Intrusion Prevention | public | 2011-06-03 10:06 | 2011-08-19 14:11 | ||||||
| Reporter | ardit-endian | ||||||||||
| Assigned To | |||||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||||
| Status | feedback | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 2.4 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0003850: SNORT isn't blocking RDP | ||||||||||
| Description | Going to : Services => Intrusion Prevention, editing auto/emerging-policy.rules (Search with RDP) and setting drop for all this three rules, just as shown in the screenshot, the RDP works without problem, instead of dropping the RDP requests and responses. On outgoing the rule for my IP is set to Allow with IPS. | ||||||||||
| Additional Information | 2.4 full up to date mini. NOTE: didn't check if the packets were really hitting SNORT chain or not. | ||||||||||
| Tags | purple | ||||||||||
| Attached Files |  rdp-drop.png [^] (41,283 bytes) 2011-06-03 10:10
| ||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0006872) luca-endian (developer) 2011-07-01 12:51 |
> NOTE: didn't check if the packets were really hitting SNORT chain or not. If you want to drop RDP protocol you must get the traffic to RDP port pass through snort. In this case why not just close the port? :) The real use would be to force all the traffic (any destination port) through snort and then snort should be able to detect RDP protocol even if the port is not the default one. By default not all the traffic (outgoing or incoming) is passing through snort that's probably the reason why it seems not to work. |
|
(0007326) tiagoaviz (reporter) 2011-08-19 14:11 |
My idea of use would be to prevent people on my network from acessing RDP servers on alternate ports without my consent. In my case, all outbound traffic is going through snort. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-06-03 10:06 | ardit-endian | New Issue | |
| 2011-06-03 10:07 | ardit-endian | Summary | SNORT is blocking RDP => SNORT isn't blocking RDP |
| 2011-06-03 10:09 | ardit-endian | Tag Attached: purple | |
| 2011-06-03 10:10 | ardit-endian | Additional Information Updated | |
| 2011-06-03 10:10 | ardit-endian | File Added: rdp-drop.png | |
| 2011-07-01 12:51 | luca-endian | Note Added: 0006872 | |
| 2011-07-01 12:51 | luca-endian | Note View State: 6872: public | |
| 2011-07-01 12:52 | luca-endian | Status | new => feedback |
| 2011-08-19 14:11 | tiagoaviz | Note Added: 0007326 | |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |