OSEC

 
From: Peter Sundstrom (psundstrom_at_securenet.com.au)
Date: Wed Nov 20 2002 - 17:06:48 CST


    You can set filters in the policy to prevent a particular signature for a specified IP address from being reported.
     
    Alternatively, SiteProtector with the security fusion module and Internet Scanner will automatically determine whether the target host is vulnerable to a particular attack.

            -----Original Message-----
            
            

            Hello
            
            I have implemented RealSecure 6.5 in the network. We have Solaris and
            NT servers. I have configured the policy to see only the attacks which
            are important for our environment.
            
            Now I see the following events in high numbers (on a network sensor)
            coming from outside our network, but they are only of interest
            when they are attacking an NT machine. I see every attack, on Solaris or
            NT.
            
            HTTP_NIMDA
            HTTP_CODE_RED
            HTTP_HEAD
            
            How must I configure the policy to see only the critical events? How
            can I minimize the number of such events in an acceptable way?
            
            I hope somebody can help me, I am new in IDS.
            
            
            --
            Mit freundlichen Gruessen - Yours sincerely
            
            Thorsten Ohler
            Diplom Wirtschaftsinformatiker (BA)
            
            Sparkassen-Versicherung Baden-Württemberg
            Informatikdienste (SVI) GmbH Mannheim
            Netz- und Telekommunikationstechnik (ZS3)
            
            mailto: thorsten.ohlersvi.de
            Phone: 0711-898-1410
            Mobile: 0177-7230778
            
            This email is confidential. If you are not the intended recipient,
            you must not disclose or use the information contained in it.
            If you have received this mail in error, please tell us
            immediately by return email and delete the document.
            
            "True knowledge is based on experience; everything else is just information."
            - Albert Einstein -
            _______________________________________________
            ISSForum mailing list
            ISSForumiss.net
            
            TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
            

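The logic behind both suggestions in the reply (per-signature filters for specific target addresses, and correlating events with what the target host actually runs) can be sketched outside the product. This is an added example, not RealSecure or SiteProtector policy syntax and not code from the thread; the asset inventory, the addresses, the `EXAMPLE_OTHER_SIG` name and the `triage` function are constructed for illustration.

```python
from dataclasses import dataclass

# Platforms on which each signature matters. Constructed from the original
# poster's statement that these three events only matter against NT hosts.
RELEVANT_PLATFORMS = {
    "HTTP_NIMDA": {"nt"},
    "HTTP_CODE_RED": {"nt"},
    "HTTP_HEAD": {"nt"},
}

# Constructed asset inventory (documentation address range 192.0.2.0/24).
ASSETS = {
    "192.0.2.10": "nt",
    "192.0.2.20": "solaris",
}

@dataclass(frozen=True)
class Event:
    signature: str
    src: str
    dst: str

def triage(events, assets=ASSETS, relevant=RELEVANT_PLATFORMS):
    """Split events into (report, suppress).

    An event is suppressed only when its signature has a platform list AND
    the target is in the inventory with a platform outside that list.
    Unknown targets and unlisted signatures are still reported, so a gap in
    the inventory never hides an alert.
    """
    report, suppress = [], []
    for ev in events:
        platforms = relevant.get(ev.signature)
        target_os = assets.get(ev.dst)
        if platforms is not None and target_os is not None and target_os not in platforms:
            suppress.append(ev)
        else:
            report.append(ev)
    return report, suppress

# Constructed sample events (sources from 198.51.100.0/24).
SAMPLE_EVENTS = [
    Event("HTTP_NIMDA", "198.51.100.7", "192.0.2.10"),        # NT target
    Event("HTTP_NIMDA", "198.51.100.7", "192.0.2.20"),        # Solaris target
    Event("HTTP_CODE_RED", "198.51.100.9", "192.0.2.20"),     # Solaris target
    Event("HTTP_HEAD", "198.51.100.9", "192.0.2.99"),         # not in inventory
    Event("EXAMPLE_OTHER_SIG", "198.51.100.9", "192.0.2.20"), # unlisted signature
]

if __name__ == "__main__":
    report, suppress = triage(SAMPLE_EVENTS)
    print(f"report={len(report)} suppress={len(suppress)}")
```

Suppressed events are returned rather than dropped, so they can still be logged at a lower priority for trend analysis.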