NIPS

NIPS Troubleshooting Steps for No Log

April 12, 2024 | NSFOCUS

NIPS aims to accurately monitor abnormal network traffic, automatically blocking various types of aggressive traffic in real-time, particularly application layer threats. It aims to take proactive measures instead of merely providing alerts at the time of or after detecting malicious traffic. When malicious traffic is detected and blocked, a threat log is recorded and displayed […]

NSFOCUS NIPS Brute-Force Protection

March 7, 2024 | NSFOCUS

A brute-force attack involves systematically attempting every possible combination of letters, numbers, and symbols to discover a password. Websites requiring user authentication are susceptible to such attacks. Attackers may begin with dictionary words or slightly modified versions to expedite the process, exploiting common user password practices. These variations are known as dictionary attacks or hybrid […]

NSFOCUS NIPS Packet Playback

February 22, 2024 | NSFOCUS

NSFOCUS NIPS provides the function of reading packet capture files through the monitoring interface. You can analyze network data based on these files. Only interfaces in security zones of the Monitor type can be used to play back data. If no monitoring interface is available, you must configure one first. Choose System > Troubleshooting > Packet […]

How does NIPS Block or Pass a Specific IP Address?

May 30, 2023 | NSFOCUS

Q: How does NIPS block traffic from a specific IP address or allow such traffic to pass? A: From version 5.6R11, NIPS introduces the global blacklist and whitelist. NIPS deems traffic from IP addresses in the global blacklist to be malicious by default and directly blocks such traffic. As for traffic from the allowed IP […]

NIPS V5.6R10 Policy Matching Mechanism

February 3, 2023 | NSFOCUS

The NIPS policy matching mechanism is block-first: traffic is matched against all policies, and if any matching policy has its action set to block, the traffic is blocked. When configuring IPS policies, it is recommended that they not overlap. For example, security zones should not overlap, and address objects […]

NIPS V5.6R10 Rule Types

January 6, 2023 | NSFOCUS

NIPS V5.6R10 has five types of rules to detect DDoS attacks, local privilege elevation, information gathering, suspicious network behaviors, and network monitoring events, respectively. They are described as follows. 1. Information gathering Information gathering is the first step of network intrusion. Attackers use various methods to scan and probe target hosts and identify paths to […]

Introduction of RESTful APIs for NIPS Version 5610 and 5611

October 28, 2022 | Adeline Zhang

A RESTful API is an API that follows the REST standard. It requires the front end to send requests in one predefined format, so the server only needs one unified interface to process them. NSFOCUS NIPS can use the RESTful API to get device information or change settings. API tools need to be authorized […]

Description of NIPS Discarding Jumbo Frames in MPLS Traffic by Default

August 25, 2022 | Adeline Zhang

When there is MPLS traffic in the network, there may be jumbo frames whose layer 2 packet including the CRC code has a length greater than 1518 bytes. The NIPS network interface card directly discards these jumbo frames by default, causing network failure. Perform the following check on the client side: 1. Test the client-side […]

NIPS Blocklist Implementation and Whitelist Priority

August 4, 2022 | Adeline Zhang

The blocklist is matched based on the source IP address, destination IP address, or a combination of source and destination IP addresses of a packet. The blocklist works for TCP and UDP transport layer packets. That is to say, after an IP address is added to the blocklist, the ping is successful, but transport layer […]

Is NIPS Capable of Blocking SSH Connections?

July 6, 2022 | Jie Ji

The answer is YES! NSFOCUS NIPS can block SSH connections. You may have similar questions, for example, whether Nmap or sqlmap can be blocked by NIPS. The answer is YES, too! These questions can often be resolved by configuring an application control profile. Follow these steps to enable SSH connection blocking: Step 1: Click Objects on […]