Santosh, Your firmware version supports conditional responses and protection domains. You should be able to use either of these features to enable Quarantine rules except when your proxy server appears to be the intruder.
Paul -----Original Message----- From: [EMAIL PROTECTED] On Behalf Of Santosh Krishnamurthy Sent: Thursday, April 13, 2006 6:32 AM To: [EMAIL PROTECTED] Subject: [ISSForum] Proventia G100 Firmware 1.2 related issues Hi, Recently we have observed a bug in ISS Proventia G series IPS with firmware 1.2 . I would like to throw light on Quarantine rules which is available with each and every security event signature. The problem out here is if we use quarantine option with any of the HTTP related security events and if any of the Internet Expolrer client sitting behind the proxy server generates any of these quarantine events could lead to Denial of Service to the Internet for other legitimate users as Proventia G100 with Firmware 1.2 would quarantine the source ip of the proxy server thereby denying the access to other users for a certain pre-defined time as set in the quarantine option. Could any one from the ISS Forum suggest how to make better use of Quarantine rules with Firmware 1.2 or is this bug in Firmware 1.2 which yet not observed by anyone. Would appreciate some response from ISS Forum. Thanks and Regards, Santosh Krishnamurthy --------------------------------- How low will we go? Check out Yahoo! Messenger's low PC-to-Phone call rates. _______________________________________________ ISSForum mailing list ISSForum@iss.net TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list ISSForum@iss.net TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.