Hello!
 

Here is an idea: on the IDS Blocks menu, it would be helpful if there would also be show a list of last X no of blocked IPs. Right now, we can see that an IP is blocked and the time remaining until it will be unblocked, but cannot see any way to get a list of the IPs that were blocked in the past day for example. From our experience, we have brute force attacks that originate from multiple random IPs, but after some time they will try a previously used IP again. So if an IP was blocked at some time, it is highly likely it will try to brute force again.

 

We are monitoring these attacks and filter out the IPs of legitimate users (that forget their passwords and try over and over again with the wrong pass until they get blocked) and add the offenders to rule on our edge firewall, dropping any traffic from these offenders at the gate. This has reduces a lot of useless traffic to our mail server, but the problem is that we need to be constantly watching the IDS Blocks page and peruse the SMTP Logs in conjunction with the Administrative logs.

 

Would it be hard to have a list of last X no of blocked IPs right on that page? Maybe with also an option to download a CSV/XML/XLS/TXT file with a list of all offending IPs?