User guide

Chapter 9: Configuring Other Intrusion Prevention Settings
Managing Quarantined Intrusions
Introduction
The Quarantined Intrusions page shows quarantine rules dynamically generated in
response to detected intruder events. When quarantine response is enabled, the rules
specify the packets to block and the length of time to block them. They prevent worms
from spreading, and deny access to systems infected with backdoors or trojans.
Important: You can view or remove Quarantined Intrusions only through Proventia
Manager.
Quarantine rules columns
You can view the following information on the Quarantine Rules tab:
Note: An asterisk (*) in a field means that the rule ignores that field.
Viewing quarantine rule details
To view quarantine rule details:
1. In Proventia Manager, select Intrusion Prevention → Quarantined Intrusions.
2. On the Quarantined Rules tab, select a rule, and then click Display.
3. Click OK to return to the Quarantined Rules tab.
Removing quarantine rules
To remove quarantine rules:
1. In Proventia Manager, select Intrusion Prevention → Quarantined Intrusions.
2. Select the quarantine rule from the Rules table, and then click Remove.
3. Save your changes.
Field             Description
Source IP         Source IP address of packets to block
Source Port       Source port number of packets (if protocol is 6 or 17) to block
Dest IP           Destination IP address of packets to block
Dest Port         Destination port number of packets (if protocol is 6 or 17) to block
ICMP Type         ICMP type of packets (if protocol is 1) to block
ICMP Code         ICMP code number of packets (if protocol is 1) to block
Protocol          IP protocol of the rule (ICMP=1, TCP=6, UDP=17)
Expiration Time   Rule’s expiration time
Block Percentage  Percentage of packets that are dropped (use values less than 100% to lessen the impact of some denial-of-service attacks)
Table 32: Quarantine rules columns
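
How the fields in Table 32 combine when a packet is tested against a set of quarantine rules, as an added Python model that is not Proventia code. The field names, the helper functions and the treatment of Block Percentage as a per-packet random draw are assumptions, and the sample rules and packets are constructed.

```python
import random
from dataclasses import dataclass
from datetime import datetime

ANY = "*"                   # wildcard from the page: the rule ignores this field
ICMP, TCP, UDP = 1, 6, 17   # IP protocol numbers listed in Table 32

@dataclass
class QuarantineRule:       # field names are hypothetical, modelled on Table 32
    src_ip: object = ANY
    src_port: object = ANY
    dst_ip: object = ANY
    dst_port: object = ANY
    icmp_type: object = ANY
    icmp_code: object = ANY
    protocol: object = ANY
    expires: datetime = datetime.max
    block_pct: float = 100.0

def _ok(rule_value, pkt_value):
    return rule_value == ANY or rule_value == pkt_value

def rule_matches(rule, pkt, now):
    """True if an unexpired rule selects this packet (a dict of header fields)."""
    if now >= rule.expires:
        return False
    proto = pkt["protocol"]
    if not (_ok(rule.protocol, proto) and _ok(rule.src_ip, pkt["src_ip"])
            and _ok(rule.dst_ip, pkt["dst_ip"])):
        return False
    if proto in (TCP, UDP):     # port columns apply only to protocol 6 or 17
        return _ok(rule.src_port, pkt.get("src_port")) and _ok(rule.dst_port, pkt.get("dst_port"))
    if proto == ICMP:           # type/code columns apply only to protocol 1
        return _ok(rule.icmp_type, pkt.get("icmp_type")) and _ok(rule.icmp_code, pkt.get("icmp_code"))
    return True

def should_drop(rules, pkt, now, draw=random.random):
    """Assumed model of Block Percentage: drop a matching packet with that probability."""
    return any(rule_matches(r, pkt, now) and draw() * 100 < r.block_pct for r in rules)

# Constructed sample data (documentation address ranges), not taken from a real appliance.
NOW = datetime(2024, 1, 1, 12, 0)
RULES = [
    QuarantineRule(src_ip="192.0.2.10", dst_port=445, protocol=TCP, expires=datetime(2024, 1, 1, 13, 0)),
    QuarantineRule(src_ip="198.51.100.7", icmp_type=8, protocol=ICMP, expires=datetime(2024, 1, 1, 11, 0)),
    QuarantineRule(dst_ip="203.0.113.5", protocol=UDP, block_pct=50, expires=datetime(2024, 1, 1, 13, 0)),
]
WORM = {"protocol": TCP, "src_ip": "192.0.2.10", "dst_ip": "203.0.113.9", "src_port": 40000, "dst_port": 445}
PING = {"protocol": ICMP, "src_ip": "198.51.100.7", "dst_ip": "203.0.113.9", "icmp_type": 8, "icmp_code": 0}
FLOOD = {"protocol": UDP, "src_ip": "192.0.2.99", "dst_ip": "203.0.113.5", "src_port": 53, "dst_port": 9999}
```

In this model the second rule no longer blocks anything at `NOW` because its expiration time has passed, and the third rule drops about half of the matching UDP packets.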