Author Topic: "HTTP- Brute search attempt" attack with "accepted" action  (Read 2661 times)

hedyeh

  • Newbie
  • *
  • Posts: 13
  • Karma: +0/-0
    • View Profile
"HTTP- Brute search attempt" attack with "accepted" action
« on: January 05, 2012, 01:18:04 am »
Hi,
i defined a policy for "HTTP- Brute search attempt" with "close client" action. traffic match with this policy (i can see the log in the log viewer) but for many connections match with this rule, logs shows the "accepted" action instead of "close client" .  it seems "close client" action apply randomly.
i'm not sure it's because of screenos (my device is ISG2000+IDP) bug or some miss configuration.

thanks
Hedyeh