Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

PB#1052: IPS Reputation Policy Enforcement

    • Updated:
    • 1 Aug 2018
    • Product/Version:
    • TippingPoint ThreatDV
    • Platform:
Summary
A number of issues have been identified in the Reputation and GEO filtering feature on the IPS.
Details
Public
Product Bulletin #: 1052

Subject: IPS IP Reputation Policy Enforcement Issues

Date of Announcement: September 3, 2015

Date of Update: October 2, 2015

Summary: A number of issues have been identified in the Reputation and GEO filtering feature on the IPS. These issues are related to how the IPS engine handles the caching of Reputation and GEO IP addresses, and can manifest in the following incorrect behaviors:
  •  IPS does not consistently block Reputation or user defined IP entries
  •  IPS does not consistently block GEO based filters
  •  IPS does not honor reputation filter precedence
  •  Inconsistent Reputation events when using Reputation filters with a permit + notify action
Technical Root Cause

The reputation engine needs to check every IP packet's source and destination IP address against a potentially very large database of ThreatDV reputation, manual reputation and Geo-location IP addresses. To optimize this for scalability and performance, a caching mechanism is implemented which caches IP's between the data-plane (fast but smaller) and the control-plane (slower but larger). Addressing issues found in the caching mechanism resolves the reputation behavior highlighted above.

Affected Products and Versions
TOS VersionProducts
3.6.4 and earlierS10, S110, S330
3.8.0 and earlierS660N, S1400N, S2500N, S5100N, S6100N
S2600NX, S5200NX, S6200NX, S7100NX, S7500NX

Recommended Actions
  • S10, S110 and S330 customers who use Reputation or GEO filtering feature should upgrade to TOS 3.6.5 at their earliest convenience, for information on TOS v3.6.5 please refer to the product release notes.
  • N/NX-Platform customers who use Reputation or GEO filtering feature should upgrade to TOS 3.8.1 at their earliest convenience, for information on TOS v3.8.1 please refer to the product release notes.
 
If you have concerns or further questions regarding this issue, contact the Trend Micro™ TippingPoint Technical Assistance Center (TAC).

Thank you,
Trend Micro™ TippingPoint

For updated contact information, please click here.

 
© Copyright 2018 Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro logo, TippingPoint, the TippingPoint logo, and Digital Vaccine are trademarks or registered trademarks of Trend Micro Incorporated. TippingPoint Reg. U.S. Pat. & Tm. Off. The information is provided "as is" without warranty of any kind and is subject to change without notice. The only warranties for Trend Micro products and services are set forth in the express warranty statements accompanying such products and services. nothing herein should be construed as constituting an additional warranty. Trend Micro shall not be liable for technical or editorial errors or omissions contained herein.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy
Solution Id:
TP000118105
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.