Locks do not work anymore about cyberarms HOT 11 OPEN

We found the problem inbetween. IDDS blocks all IP adresses in one firewall rule called "Blocked by Cyberarms Intrusion Detection_BlockAttacker_AllPorts" and the rule can only store several IP adresses to block (256? or less?). You can delete the rule to get blocking of actual IPs running again (IDDS will create a new rule). Or you can rename the rule to block the collected adresses permanently.
Due to this firewall limitation IDDS needs to spread the blocks to many rules or create rules for different source networks.

from cyberarms.

I experience the same troubles.
I discovered a fix. If I delete the attackers IP-address from the list, the program again locks it again after a while, and the intruder is locked out. The problem is that my list is getting very long, over 1000 entries, and there is not filterfunction to look for a specific IP, so its too much work to manually look one IP up and then delete it and then wait for it to be added (and blocked) again.

from cyberarms.

This problem is caused by the setting "Never unlock". As the IP addresses within a Windows Firewall rule are limited by number of characters, the maximum number of locks can be around 1000-1200 addresses.
Please do not use the unlock forever feature, because it causes issues with overflowing the firewall limits.

from cyberarms.

I have now more than 3000 IP-locks. I was running it with permanent locks, I want those bastards to be locked out forever (!!!)
After some hours trying different solutions I had to delete cyberarms.idds.dbf, and after that I had to delete the rule created by cyberarms in windows firewall. That also made all other configuration disappear like my whitelist, which I had to create all over.
If now windows have this limitation (256, 1000 or whatever), it would be good to have cyberarms to automatically create a second, and a third rule to split them up in windows firewall. I tried to manually copy the rule, but then just one more rule with exactly the same name showing up, which I guess cyberarms will not be able to start over.
ok, thats all for now.

from cyberarms.

from cyberarms.

Hello again.
I submitted a screenshot here. It shows that several hundreds of attempts within a single day gets through. I have now also changed to the default settings, how is this possible?
Best regards, Johan

from cyberarms.

It is still an issue currently at version 2.2.0

from cyberarms.

The new version 2.3 will be available soon. The lockout forever function will be removed because of those issues. We will cover the problem with persistent annoying attackers in a different and more global way in the near future.

from cyberarms.

Sorry to bring up this old topic but problem seems to be quite serious.
There sems to be a serious issue with ver 2.2.0 (unless I'm missing something) where under heavy bruteforce attack software doesn't lock IP (doesn't add IP to Cyberarms' firewall rule). I never had "Hard lock forever" enabled. Cyberarms' firewall rule contains about 5 IPs.
My settings:

As you can see below there are thousands of incidents and IP was never locked. Any suggestions?

from cyberarms.

from cyberarms.

Yes, firewall policy is enabled. I've been using Cyberarms since very long time and it works "9 out of 10 times".
I've seen people having similar problems like this one and there might be something in it as IP which was not locked was 5.181.86.12 and there was already similiar IP 5.181.86.22 which was alredy locked (you can't see it on my screenshot as it was much lower).

from cyberarms.