Re: [ISSForum] Proventia G100 Firmware 1.2 related issues

Fri, 14 Apr 2006 06:23:16 -0700 

Santosh,

Your firmware version supports conditional responses and protection
domains. You should be able to use either of these features to enable
Quarantine rules except when your proxy server appears to be the
intruder.

Paul

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Santosh
Krishnamurthy
Sent: Thursday, April 13, 2006 6:32 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Proventia G100 Firmware 1.2 related issues


Hi,
   
  Recently we have observed a bug in ISS Proventia G series IPS with
firmware  1.2 .
  I would like to throw light on Quarantine rules which is available
with each and every security event signature.
   
  The problem out here is if we use quarantine option with any of the
HTTP related security events and if  any of the Internet Expolrer client
sitting behind the proxy server generates any of these quarantine events
could lead to Denial of Service to the Internet for other legitimate
users as Proventia G100 with Firmware 1.2 would quarantine the source ip
of the proxy server thereby denying the access to other users 
  for a certain pre-defined time as set in the quarantine option.
   
   
  Could any one from the ISS Forum suggest how to make better use of
Quarantine rules with Firmware 1.2 or is this bug in Firmware 1.2 which
yet not observed by anyone.
   
  Would appreciate some response from ISS Forum.
   
  Thanks and Regards,
   
  Santosh Krishnamurthy

                
---------------------------------
How low will we go? Check out Yahoo! Messenger's low  PC-to-Phone call
rates. _______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to [EMAIL PROTECTED]

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

Reply via email to