I'm a bit puzzled as all the IDS (snort) on IPCOP does is monitor suspicious activity based on the currently installed snort rules. (
). It does not actually control or filter web access. A wild guess may be that there may be so much malicious activity going on that the logging is affecting the performance of your IPCOP. Are you running IPCOP on a very low spec machine?
As to whether to enable IDS on RED or GREEN. I would definitely enable on RED. If you suspect internal malicious activity, you can also enable on GREEN.
Re: IDS on RED, GREEN, ORANGE
13 years 4 weeks ago #8990
I narrowed down the problem to a bad or to big black list used with urlfilter. I had uploaded a 10MB list. I then uploaded a list from the university of tolouse, which is abou 3MB, and now everything is working fine.