July 21st, 2006, 03:38 AM
Snort IDS Question
I hope I word this correctly.
I am running IPcop firewall and I always see a lot of garbage traffic coming from over seas. I see a lot of misc MS-SQL attacks from the same range of IPs. I got tired of seeing them and decided to drop packets from entire continets.
I did "iptables -A INPUT -s 18.104.22.168/8 -j DROP" for a bunch of other ip ranges.
I thought that by droping the packets the IDS would ignore all the attack attempts but it still shows up on the IDS logs.
Is that normal?