Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort ET scan detectors only half way working

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 1 Posters 554 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JonathanLeeJ
      JonathanLee
      last edited by

      Hello fellow Netgate community,

      I am running into a new issue can you please help? Something has disabled the ET emerging threats scan options for nmap scans and other scans that would show blocked every couple days. Recently I have not seen any. Has anyone else noticed that ET scans are no longer detected and being stopped at the firewall level?

      Normally when the firewall sees a scan it will block the IP address of it's origin. I get many of them from out of the country with blocks of IP address matching other nation states.

      The system seems to prune parts of snort automatically. The firewall is no longer blocking the scans of my firewall.

      Make sure to upvote

      JonathanLeeJ 1 Reply Last reply Reply Quote 0
      • JonathanLeeJ
        JonathanLee @JonathanLee
        last edited by JonathanLee

        @jonathanlee the baseline has about 3 every morning that show and about 2 in the day time.

        Screen Shot 2022-05-10 at 7.22.09 AM.png

        Image: I use to see a lot more nmap scans caught during the night

        Make sure to upvote

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.