TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
RealSecure sends the TCP RST packets that implement an RS Kill out the
same interface it is monitoring (typically the stealth interface). The
fact that the interface is configured as a "stealth" interface in no
way impacts RealSecure's ability to transmit the packets. Although
regular software cannot transmit out of the "stealth" interface
because no protocol stacks are bound to it, RealSecure can because it
constructs the entire contents of the packets it transmits. This
includes ethernet, IP, and TCP headers. Even so, if the stealth
interface is connected to the network using read-only taps, the RS
Kill packets will be blocked at the taps.
Paul
- -----Original Message-----
From: George Milliken [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 6:57 PM
To: Mark S. Velasquez
Cc: [EMAIL PROTECTED]
Subject: Re: **RealSecure 5.0 & E-Mail Alerts**
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
- ------------------------------------------------------------------------
- ----
For that matter, how do TCP RS KILLs happen across the "secure"
stealth
interface?
We have puzzled on this much recently. We assume the emails go out
over the internal interface but I have not verified that via sniffer.
But, how do the resets happen??? There is not guarentee that the
internal interface can route packets back to the stealth (outside)
side
of the network.
Anybody got a clue?
"Mark S. Velasquez" wrote:
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your
message to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
>
- -----------------------------------------------------------------------
- -----
>
> I've installed RealSecure 5.0. The Network Sensors are installed on
> Sparc Solaris 7.0 platforms with the monitoring interface in stealth
> mode( no IP assigned to it, no arp, etc.), and a second interface on
a
> private Network to the monitoring Console.
>
> My question concerns E-Mail Responses. I'd assumed that the
monitoring
> console sent them. From reading the manual it appears that the
Network
> Sensor sends them...if so how is this supposed to work in a secure
> setup( it cant' send via the stealth-configured interface... and the
> other interface connects directly to the Monitoring Console. ).
>
> How is everyone else sending E-Mail responses/alerts in a secure
> configuration ?
>
> TIA
>
> Mark
- --
Regards,
George Milliken
- ---------------------------------
farm9, Inc.
Online Intrusion Prevention 24x7
http://www.farm9.com
- ---------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5
iQCVAwUBOYmgtISi4VqTDp53AQE4BgQAvsLUWjLHvUQ4y00qxVaRuXAS9wyQtuys
TpaMKHgrw1kDRQGDEssRXiTACoWdQi2eiaUTS7/HjBnm76bxk2wBgDnMlD9b6tr2
LR+YUSk3dCV/SquUZBJjbUk5wyVdJyXKrKxyxHDSKQc0u38ZpNsRkgeVyFA4UhIR
WmAMDhP8uvE=
=p39d
-----END PGP SIGNATURE-----
