 
From: Ohler Thorsten (thorsten.ohler_at_SVI.de)
Date: Wed Nov 20 2002 - 02:55:56 CST


    Hello

    I have implemented RealSecure 6.5 into the network. We have Solaris and
    NT servers. I have configured the policy to see only the attacks which
    are important for our environment.

    Now I see the following events in a high number (on a network sensor)
    coming from the outside of our network, but they are only of interest
    when they are attacking an NT machine. I see every attack, on Solaris or
    NT.

    HTTP_NIMDA
    HTTP_CODE_RED
    HTTP_HEAD

    How must I configure the policy to see only the critical events? How
    can I minimize the number of such events in an acceptable way?

    I hope somebody can help me, I am new to IDS.

    -- 
    Mit freundlichen Gruessen - Yours sincerely
    

    Thorsten Ohler Diplom Wirtschaftsinformatiker (BA)

    Sparkassen-Versicherung Baden-Württemberg Informatikdienste (SVI) GmbH Mannheim Netz- und Telekommunikationstechnik (ZS3)

    mailto: thorsten.ohlersvi.de Phone: 0711-898-1410 Mobile: 0177-7230778

    This email is confidential. If you are not the intended recipient, you must not disclose or use the information contained in it. If you have received this mail in error, please tell us immediately by return email and delete the document.

    "True knowledge is based on experience; everything else is just information." - Albert Einstein
