Rulebase Exempt – Continuing from the Previous Post
Nov 15
jncie-security, srx
Hi,
Now that it is pretty clear how we define our IDP policy to detect attacks, let us also see how we can turn that detection off for a specific set of applications, traffic or patterns if you wish to, be it because of company policy or for any other reason (for example, a custom application set that mimics suspicious behaviour but that you want to allow). To put it straight: anything you think is good (a true positive for legitimate traffic) but that IDP senses as bad and drops (a false positive).
Topology
Initially, the attack that was triggered is detected and the scan could not get through; here are the outputs, just for reference.
As we can see above, the attack was well detected by the SRX and it is blocking it.
Let's add a rulebase-exempt rule and see whether that bypasses the IDP; this time the SRX should not detect any of these attacks.
Re-scanning will reveal that I am running an Ubuntu machine, along with scores of vulnerability options that people might really be interested in 🙂
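An added configuration example of the two steps described above, not the author's own configuration: an IPS rule that inspects and drops, followed by a narrowly scoped rulebase-exempt rule. The policy name IDP-POLICY, zones trust/untrust, the scanner address 192.168.1.10/32 and the attack/group names in angle brackets are assumptions or placeholders; `#` lines are annotations, not CLI input.

```junos
# Step 1: normal IPS rulebase. Everything between the zones is inspected
# and matching attacks are dropped and logged.
# <ATTACK-GROUP> is a placeholder for a predefined attack group name.
set security idp idp-policy IDP-POLICY rulebase-ips rule R1 match from-zone trust source-address any
set security idp idp-policy IDP-POLICY rulebase-ips rule R1 match to-zone untrust destination-address any
set security idp idp-policy IDP-POLICY rulebase-ips rule R1 match application default
set security idp idp-policy IDP-POLICY rulebase-ips rule R1 match attacks predefined-attack-groups "<ATTACK-GROUP>"
set security idp idp-policy IDP-POLICY rulebase-ips rule R1 then action drop-packet
set security idp idp-policy IDP-POLICY rulebase-ips rule R1 then notification log-attacks

# Step 2: rulebase-exempt. The exemption is scoped to ONE source host
# (the constructed scanner address) and ONE attack object, so every other
# source and every other signature is still inspected and dropped.
# <ATTACK-NAME> is a placeholder for the predefined attack to exempt.
set security idp idp-policy IDP-POLICY rulebase-exempt rule EXEMPT-SCANNER match from-zone trust source-address 192.168.1.10/32
set security idp idp-policy IDP-POLICY rulebase-exempt rule EXEMPT-SCANNER match to-zone untrust destination-address any
set security idp idp-policy IDP-POLICY rulebase-exempt rule EXEMPT-SCANNER match attacks predefined-attacks "<ATTACK-NAME>"

# Activate the policy and send the zone traffic through IDP.
set security idp active-policy IDP-POLICY
set security policies from-zone trust to-zone untrust policy ALLOW-OUT match source-address any destination-address any application any
set security policies from-zone trust to-zone untrust policy ALLOW-OUT then permit application-services idp
commit

# Verification (operational mode): a re-scan from 192.168.1.10 should no
# longer add entries for <ATTACK-NAME>, while other attacks still appear.
clear security idp attack table
show security idp attack table
show security idp status
```

Keeping the exempt rule tied to a single source and attack object is the check the author's warning asks for; an exempt rule with `source-address any` and a whole attack group silently removes that coverage for every host in the zone.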
Always weigh your options, especially when you are bypassing anything from normal IDP inspection; that might prove to be very costly.
Regards
Rakesh M