From: Jose Vicente da Costa Machado Filho (JVicente AMERICEL.COM.BR)
Date: Tue Jan 09 2001 - 12:57:24 CST
Hi Mark,
You can go to the Policy Editor on your Management Console and use the User
Defined Signatures and input your own data. You can put the string and it
seems to be like Snort.
Regards,
Jose Vicente da C Machado
AMERICEL
I.T. - Information Security
email: jvicente americel.com.br
office:(61) 329-6698
fax:(61) 329-6709
mobile:(61) 929-0016
http://www.americel.com.br
Address:
SEPS 702/902 Bloco B 1º andar
70390-025 - Brasilia - DF
Brazil
-----Original Message-----
From: Mark Elliott [mailto:marke CWHOST.COM]
Sent: Tuesday, January 09, 2001 12:13
To: FOCUS-IDS SECURITYFOCUS.COM
Subject: IDS Rules for ICMP
Hey group - maybe someone out there in IDS land can help.
My IDS (RealSecure) is picking up tons of trace routes originating from
non-existent hosts and networks (x.y.z.0 address) destined for various IPs
outside our firewall. I believe this to be generated by utilities such as
sing and nemesis. I have seen snort rules (http://www.sys-security.com) to
capture packets generated by these utilities, but nothing within real
secure.
So my question - do you know of a way to force real secure to use a user
defined string similar to snort?
and
Is anyone else seeing similar traffic?
Thanks,
Mark