Subject: RE: RealSecure Kill
From: Brian Laing (blaingiss.net)
Date: Tue Aug 15 2000 - 03:18:31 CDT


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
majordomoiss.net Contact issforum-owneriss.net for help with any problems!
----------------------------------------------------------------------------

I have dealt with several of these for customers. After looking at logged
data in RealSecure and firewall logs, each one has turned out to be HTTP
traffic. Seems like company A connects up to company B, company B's
webserver is very busy and triggers syn-flood, company B has synflood set
with a response of kill connection. This then triggers company A's
RealSecure.

I would check RealSecure and your firewall logs to see what type of traffic
was running on that connection and investigate it that way.

brian

> -----Original Message-----
> From: owner-issforumiss.net [mailto:owner-issforumiss.net]On Behalf Of
> Weir, Bruce
> Sent: 14 August 2000 03:23 PM
> To: Fleck, Michael; 'issforumiss.net'
> Cc: Briese, Charles (Chuck)
> Subject: RE: RealSecure Kill
>
>
>
> Contact ISS Customer Support. They have the contact information for all
> the Custids. ISS will not tell you the name of the company that the Custid
> belongs to, however, they will contact them and ask why the RS Kill was
> generated. ISS will ask you to send an email message with a copy of the RS
> Kill event (email alarm, etc.) attached. After ISS contacts the company,
> RS Kill traffic usually stops.
>
> Bruce
>
>
> -----Original Message-----
> From: Fleck, Michael [mailto:Michael.Fleckcompaq.com]
> Sent: Friday, August 11, 2000 5:15 PM
> To: 'issforumiss.net'
> Cc: Briese, Charles (Chuck)
> Subject: RealSecure Kill
>
>
> Occasionally pick up RealSecure Kill entries in my Sensor logs. How can I
> reference the Custid back to a warm body to inquire why the Kill was
> generated?
>
> > Michael Fleck
> > Internet Infrastructure Security
> > Compaq Computer Corporation
> > 20555 SH 249 ( MC 020303 )
> > Houston, TX 77070
> > Telephone: (281) 518-7067
> > Pager: (713) 762-8464
> >
> >
>
>