Now that it is pretty clear how we define our IDP to detect attacks, let us also see how we can turn that off for a specific set of applications, traffic or patterns if you wish to, be it company policy or any other reason (for example, a custom application set that mimics suspicious behavior and that you want to allow). To put it straight: anything you consider good (true positive) but that IDP senses as bad and drops (false positive).



Initially the triggered attack is detected and the scan could not get through; here are the outputs, just for reference.


As we can see above, the attack was well detected by the SRX and it is blocking it.


Let's add a rule-base exempt and see if that bypasses detection; this time the SRX should not detect any of these attacks.
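As an added illustration that is not part of the original post, here is what such a policy looks like in Junos hierarchy form: the normal ips rulebase keeps dropping and logging, and the exempt rule is scoped to one source host and one group of signatures rather than to `any`. The policy, rule, zone and address names are assumed placeholders, and the two attack-group names must be replaced with groups that exist in your SRX signature database.

```junos
security {
    address-book {
        global {
            /* constructed: address of the approved internal scanner */
            address vuln-scanner 192.0.2.10/32;
        }
    }
    idp {
        idp-policy corp-idp {
            rulebase-ips {
                /* detection rule that was catching the scan */
                rule detect-all {
                    match {
                        from-zone any;
                        source-address any;
                        to-zone any;
                        destination-address any;
                        attacks {
                            predefined-attack-groups "PLACEHOLDER-ATTACK-GROUP";
                        }
                    }
                    then {
                        action {
                            drop-connection;
                        }
                        notification {
                            log-attacks;
                        }
                    }
                }
            }
            rulebase-exempt {
                /* exempt only this source and only the signatures it trips; source-address any here would silence IDP for everyone */
                rule allow-internal-scanner {
                    match {
                        from-zone trust;
                        source-address vuln-scanner;
                        to-zone untrust;
                        destination-address any;
                        attacks {
                            predefined-attack-groups "PLACEHOLDER-SCAN-GROUP";
                        }
                    }
                }
            }
        }
    }
}
```

The exempt rulebase only suppresses the listed attack objects for the matching traffic; the ips rulebase still inspects that session for everything else, and the policy still has to be attached to the security policies carrying the traffic before commit.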


Re-scanning will reveal that I am running an Ubuntu machine and scores of vulnerability options that people might really be interested in 🙂


Always weigh your options, especially when you are bypassing anything from normal IDP inspection; that might prove to be very costly.


Rakesh M