TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I use ISS RealSecure 3.2. On numerous occasions I've gotten IPHalfScan
events detected one of my sensors, each time, from a different source and on
a different date. Investigation reveals that the sources of these events is,
what appears to be newly deployed Apache web servers (Test Page for Red Hat
Linux's Apache Installation.) There doesn't seem to be any malicious intent
behind these scans. Each time I get the scan it will go through all of the
class C addresses that we own. Does anyone know of a reason why these events
are occurring other than the possibility of rodent infestation? The RS
documentation says that false positives only include keep-alive timers for
certain "internet push" technologies. Does this mean that the "push" would
have to come from the source of the event or could it possibly be coming
from an entirely different source? Any insight into this type of anomaly, if
it is an anomaly, would be greatly appreciated.
Thanks,
Rick Sears
