Hello All,
Sorry if this has been posted before; I have been searching everywhere and cannot locate any help for my problems. Sorry also if this is not the appropriate forum for this topic.
We are demoing the endpoint protection software against MS Forefront, and I am having problems with Symantec's IPS app in the suite: it is not blocking any brute force attempts on the FTP server. I can monitor the traffic and see it going through the Symantec software, but someone could be connected all day trying a multitude of login credentials to authenticate against the FTP server, and Symantec never blocks or bans these IPs. Mostly these are coming from China.
If I turn on the hardware firewall and run our normal setup, the problems are resolved, but in testing the endpoint software as a backup solution or second line of defense, it completely ignores these brute force attacks.
I have made sure the firewall is running and made sure all the applicable options in IPS are selected; I even invoked the peer-to-peer connection timeout requests, and the Symantec software just never does anything about this traffic. Heck, the monitors don't even show it as an attack, and it isn't even logged.
Also,
If I do packet flooding like UDP floods against the server with the endpoint software, it doesn't block the offending IP; it continues to let the UDP attacks in.
I have the standard firewall rules set (OOB). Can someone please explain what I am doing wrong, or whether the software is not supposed to prevent these kinds of attacks? Any help would be appreciated, thanks!
Mike A.
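An added example, not from the poster and not Symantec's or Forefront's code: the per-source failed-login counting that any brute-force block, host-based or network-based, has to do before it can ban anything. It assumes a vsftpd-style FTP log line ("FAIL LOGIN: Client ..."), and the sample lines below are constructed, not taken from the poster's server. Running something like this over the FTP server's own log is a quick way to confirm whether the attempts are visible to the host at all, which is the first thing to establish when an IPS reports nothing.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a vsftpd-like format (assumption; not the poster's data).
# 203.0.113.5 tries five different usernames in seven seconds; 198.51.100.7 is a
# legitimate user with a few slow failures spread over twenty minutes.
SAMPLE_LOG = """\
Tue Mar 12 10:00:01 2024 [pid 2101] [admin] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:00:03 2024 [pid 2102] [root] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:00:05 2024 [pid 2103] [ftp] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:00:06 2024 [pid 2104] [test] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:00:08 2024 [pid 2105] [mike] FAIL LOGIN: Client "203.0.113.5"
Tue Mar 12 10:00:10 2024 [pid 2106] [mike] OK LOGIN: Client "198.51.100.7"
Tue Mar 12 10:00:12 2024 [pid 2107] [mike] FAIL LOGIN: Client "198.51.100.7"
Tue Mar 12 10:05:00 2024 [pid 2108] [mike] FAIL LOGIN: Client "198.51.100.7"
Tue Mar 12 10:20:00 2024 [pid 2109] [mike] FAIL LOGIN: Client "198.51.100.7"
"""

# Assumed line layout: "<ctime timestamp> [pid N] [user] OK|FAIL LOGIN: Client "<ip>""
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"$'
)


def parse_line(line):
    """Return (timestamp, user, result, client_ip) or None for lines that don't match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
    return ts, m.group("user"), m.group("result"), m.group("ip")


def find_brute_force(lines, threshold=5, window=timedelta(minutes=10)):
    """Sliding-window detector: flag a client IP the first time it reaches
    `threshold` failed logins within `window`. Returns a dict keyed by IP with
    the trigger time, the failures counted in the window, and how many distinct
    usernames were tried (many usernames from one source is a strong signal)."""
    recent = defaultdict(deque)  # ip -> deque of (timestamp, user) for failures in window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, result, ip = parsed
        if result != "FAIL":
            continue
        q = recent[ip]
        q.append((ts, user))
        # Drop failures that have aged out of the window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = {
                "first_trigger": ts,
                "failures_in_window": len(q),
                "distinct_users": len({u for _, u in q}),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in find_brute_force(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: {info['failures_in_window']} failures, "
              f"{info['distinct_users']} usernames, triggered at {info['first_trigger']}")
```

The threshold and window are the two knobs a blocking product exposes in some form; an IPS that never trips on five failures in seven seconds from one source is either not seeing the FTP control channel or not treating authentication failures as an event, and the host log tells you which.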