Hey everyone,
I'm running into some issues with my testing and I'm hoping someone can assist me with this, as I'm a little lost.
The first problem I've come across:
I'm browsing the security intelligence feed that's in var/sf/iprep_download/Sourcefire_intelligence_feed and I've been initiating some telnet sessions to those addresses using port 80. For some random addresses I've been able to initiate a connection via telnet on port 80. Any idea why? I thought this was a list of blocked addresses.
The second problem I have is that I'm able to run a Tor browser without any issues, even though I have security intelligence enabled and tor_exit_nodes should be blocked. The strange thing is, I'm not seeing any connection events at all when I use a Tor browser. I've run a packet capture to obtain the exit node I'm using, and I can see it's in a publicly shared exit node list.
I also tried setting up a rule that explicitly blocks Tor and Tor exit nodes, and it's still not working.
Any ideas what I'm doing wrong? I've attached some screenshots to assist with this.
Thank you
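A first check for both problems is whether the address being probed (or the exit node seen in the packet capture) is actually an entry in the feed, either as a literal address or inside a CIDR block, and in which category file it appears. The Python snippet below is an added example, not code from the original post or from Cisco/Sourcefire; it assumes the feed category files hold one IPv4/IPv6 address or CIDR block per line with `#` introducing comments, and it uses a constructed sample feed rather than real feed content. The `load_feed_dir` helper's directory layout (one file per category) is likewise an assumption.

```python
import ipaddress
import os

# Constructed sample of one feed category file (assumption: one address or
# CIDR block per line, '#' starts a comment). Not real feed content.
SAMPLE_FEED = """
# constructed sample entries
198.51.100.7
203.0.113.0/24
2001:db8:abcd::/48
not-an-address
"""


def parse_feed(text):
    """Return the list of ip_network objects found in a feed file's text.

    Malformed lines are skipped rather than aborting the whole load, so a
    single bad entry does not hide the rest of the list.
    """
    networks = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        try:
            # strict=False accepts host bits set in a CIDR entry (e.g. 10.1.2.3/24)
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return networks


def matching_entries(address, networks):
    """Return the feed entries (as strings) that cover the given address."""
    addr = ipaddress.ip_address(address)
    return [str(n) for n in networks
            if n.version == addr.version and addr in n]


def check_addresses(addresses, feed_text=SAMPLE_FEED):
    """Map each address to the feed entries that cover it (empty if none)."""
    networks = parse_feed(feed_text)
    return {a: matching_entries(a, networks) for a in addresses}


def load_feed_dir(path):
    """Load every file in a feed directory as a category (assumed layout:
    one file per category, file name == category name)."""
    categories = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, encoding="utf-8", errors="replace") as fh:
                categories[name] = parse_feed(fh.read())
    return categories


def categories_for(address, categories):
    """Return {category: [matching entries]} for the categories that cover address."""
    result = {}
    for cat, networks in categories.items():
        hits = matching_entries(address, networks)
        if hits:
            result[cat] = hits
    return result


if __name__ == "__main__":
    # Constructed probe addresses: one literal hit, one CIDR hit, one miss.
    for addr, hits in check_addresses(
            ["198.51.100.7", "203.0.113.45", "192.0.2.1"]).items():
        print(f"{addr}: {'covered by ' + ', '.join(hits) if hits else 'not in feed'}")
```

Run it against the real directory with `categories_for("<exit node IP>", load_feed_dir("/var/sf/iprep_download/Sourcefire_intelligence_feed"))` to see whether the address is covered at all and by which category; an address that is not covered by any entry will never generate a Security Intelligence block or a connection event, which narrows the problem to the feed contents rather than the policy.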