Hey group - maybe someone out there in IDS land can help.

My IDS (RealSecure) is picking up tons of trace routes originating from non-existent hosts and networks (x.y.z.0 address) destined for various IPs outside our firewall. I beleive this to be generated by utilities such as sing and nemesis. I have seen snort rules (http://www.sys-security.com) to capture packets generated the these utilities, but nothing within real secure.

So my question - do you know of a way to force real secure to use a user defined string similar to snort?

and

Is anyone else seeing similar traffic?

Thanks,

Mark

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]