3 Replies Latest reply on Apr 6, 2016 4:32 AM by peter.mason

    Testing McAfee NSP after implementation

    unrival

      Hello

      After implementing NSP I had to test it to detect attacks.

      My Sensor is deployed in IDS mode and receiving traffic through a SPAN port.

      So I did Nmap for discovering open ports, DoS (Hping) and Bruteforce (Hydra) attacks using Kali Linux.

      However, I did not receive a single alert in my NSM. How the heck is that possible?

      Any suggestion appreciated. Thanks Kind regards.

        • 1. Re: Testing McAfee NSP after implementation
          peter.mason

          Hi Benjamin,

           

          Are you receiving any alerts from the device at all?

           

          Or are you just not seeing the alerts for the traffic you are generating?

           

          How are you testing? Are you sure your traffic is going across the switch that has the SPAN session?

           

          Peter

          • 2. Re: Testing McAfee NSP after implementation
            unrival

            Hey Peter, thanks for responding.

            1. I do receive alerts in NSM.

            The DMZ subnet NetFlow is configured as SPAN and directed to the switch that is connected to the Sensor, so from the Threat Analyzer I got IPs from the DMZ subnet.

            2. Yes, I don't receive alerts for the attacks that I'm making.

            3. By doing Nmap port scanning, DoS and Bruteforce

            • 3. Re: Testing McAfee NSP after implementation
              peter.mason

              Hi Benjamin,

               

              Is your Kali machine connected directly to the switch you are spanning? Are your targets also connected to this switch?

               

              When searching for attacks in the threat analyzer are you using the Real Time or Historical Analyzer? The Real Time threat analyzer only shows High and Medium alerts so make sure the attacks are high or medium in your policies or check the Historical TA.

               

              Are you the only one working on this platform and using the Kali machine? Could anyone else have created Ignore Rules or Firewall rules for the Kali machine in NSM?

               

              Peter