TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Everything is inbound and/or outbound traffic with TFN2000.
Another signature that is generating a lot of noise is Stream_DoS. It's
popping up during a lot of our FTP traffic.
I would really like to see what the signatures are flagging on in the new
release. They don't seem very sophisticated.
-Joe
------Original Message------
From: "Anderson, Mark H." <[EMAIL PROTECTED]>
To: 'Joe Blow' <[EMAIL PROTECTED]>
Sent: August 2, 2000 7:12:46 PM GMT
Subject: RE: RealSecure v5.0 and False Positives
Just out of curiosity...is this all internal traffic that you're seeing...or
are you seeing any inbound and/or outbound traffic? Also is the DNS traffic
that you're seeing - is it largely related to DNS XFERs?
-----Original Message-----
From: Joe Blow [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 2:51 PM
To: Anderson, Mark H.
Subject: RE: RealSecure v5.0 and False Positives
I'm seeing DNS traffic too. I wish there existed the capability to tweak
the attack signatures. This is creating more work for everyone.
------Original Message------
From: "Anderson, Mark H." <[EMAIL PROTECTED]>
To: 'Joe Blow' <[EMAIL PROTECTED]>
Sent: August 2, 2000 6:27:18 PM GMT
Subject: RE: RealSecure v5.0 and False Positives
I have not seen this relating to realaudio, but I am definitely seeing a lot of
TFN2K events related to UDP port 53 traffic. I'm in the info gathering mode
right now and will send some of my event logs (IP scrubbed of course) to ISS
soon and see what they say about the probability of false positives.
Mark
-----Original Message-----
From: Joe Blow [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 1:45 PM
To: [EMAIL PROTECTED]
Subject: RealSecure v5.0 and False Positives
Recently I have implemented the new version of RealSecure and have noticed
that all of our realaudio traffic along with anything else that generates a
lot of noisy UDP traffic is generating TFN2000 events. Is anyone else
noticing this?
Sincerely,
Scott
-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com