IDS and countries exceptions
Idea shared by Sébastien Riccio - 2/9/2024 at 11:05 AM

Quite often, when a user in a customer office reconfigures his mail client and uses a wrong password, it ends up with the whole office's shared public IP address being temp banned by the IDS.

Sometimes they aren't even able to locate which device is causing the IDS block, so we have to whitelist it so the other office users aren't affected.

As most of our customers are local to our country, I thought that being able to add an exception for a country, for the IDS bans, would be quite useful. Most real attacks are from foreign countries...

Okay, the bad guys could use a VPN to do their brute-force attacks from an IP located in the local country, but still, from experience it seems they rarely do this (yet).

As the IDS is already able to identify and list the country of the IP being temp banned, it shouldn't be a huge issue to add some exceptions there?

Any thoughts?

Kind regards.
Sébastien Riccio
System & Network Admin
