IDS Blocks need a Time/Date Stamp and a countdown clock to expiration
Idea shared by network admin - 3/14/2017 at 12:56 PM
I look at the IDS blocks daily.  It gives me some idea of the abuse level my server is dealing with.  I can also look at patterns in the IP net blocks to see if perhaps an entire Class C or Class B IP network needs a broad SMTP timeout. Many China networks are a good example.  In looking at the IDS blocks I think there is some critical data missing.  A time/date stamp of the original abuse and a expiration date based on the time you have set for your IDS rules (25 days = 36000 seconds).  I believe that this additional information would make it easier to make decisions regarding the IDS blocks.   This makes even more sense to me when you consider that IDS Blocks are reset on system reboots as well as on the expiration date.    

Reply to Thread