RE: RealSecure v5.0 and False Positives

Thu, 03 Aug 2000 14:57:20 -0700 


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Hi,

I encountered also some problems with TFN2K, we are obviously also false
positives. In this case all SNMP-Traffic towards a SNMP-based Management
Station.

The source address varies, while the dest. addr. is still 10.xx.yy.zz.
Source Port is always "SNMP", dest. Port varies from "34443" to other values
in the range "34xyz" to "41yzx". Protocol is always UDP.

The interesting thing about this is, that all source addresses are applied
to Routers, switches or (active) hubs. Strange thing. Anyone had the same
visions?

Bye,

Christian




-----Original Message-----
From: Jared Tabb
To: Joe Blow; [EMAIL PROTECTED]
Sent: 02.08.00 20:12
Subject: RE: RealSecure v5.0 and False Positives


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----

I'm running RS5.0 with the MicroUpdate 1.1 and notice a lot of trouble
with
TFN2000.  It says in the description that there are no false positives
but I
see it pop up quite a bit (I actually turned it off).  It is a UNIX
attack
and my shop is entirely NT.  It also shows up coming from DNS servers
usually root servers.  Tech Support is asking for packet captures so
they
can analyze the data to find false positives, so it is a known issue.
I'm
just waiting for an update.

Jared

-----Original Message-----
From: Joe Blow [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 11:45 AM
To: [EMAIL PROTECTED]
Subject: RealSecure v5.0 and False Positives



TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----

Recently I have implemented the new version of RealSecure and have
noticed
that all of our realaudio traffic along with anything else that
generates a
lot of noisy udp traffic is generating TFN2000 events.  Is anyone else
noticing this?

Sincerely,
Scott


-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com

Reply via email to