RE: **RealSecure 5.0 & E-Mail Alerts**

Thu, 03 Aug 2000 15:06:22 -0700 


TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

The sniffer interface does send the tcp resets.  According to ISS, it
temporarily binds a protocol to send the resets.  It does not send the
resets from the stealth interface.  Because of this you must make sure that
the sniffer interface is connected to a bi-directional device so it can
receive and send.  This makes it real hard to use an ethernet tap since they
are uni-directional.  I recommend using a 100mb/s hub.

Jared

-----Original Message-----
From: George Milliken [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 4:57 PM
To: Mark S. Velasquez
Cc: [EMAIL PROTECTED]
Subject: Re: **RealSecure 5.0 & E-Mail Alerts**



TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------

For that matter, how do TCP RS KILLs happen across the "secure"  stealth
interface?

We have puzzled on this much recently.    We assume the emails go out
over the internal interface but I have not verified that via sniffer.

But, how do the resets happen??? There is not guarentee that the
internal interface can route packets back to the stealth (outside) side
of the network.

Anybody got a clue?  





"Mark S. Velasquez" wrote:
> 
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
to
> [EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any
problems!
>
----------------------------------------------------------------------------
> 
>  I've installed RealSecure 5.0. The Network Sensors are installed on
> Sparc Solaris 7.0 platforms with the monitoring interface in stealth
> mode( no IP assigned to it, no arp, etc.), and a second interface on a
> private Network to the monitoring Console.
> 
>  My question concerns E-Mail Responses. I'd assumed that the monitoring
> console sent them. From reading the manual it appears that the Network
> Sensor sends them...if so how is this supposed to work in a secure
> setup( it cant' send via the stealth-configured interface... and the
> other interface connects directly to the Monitoring Console. ).
> 
>  How is everyone else sending E-Mail responses/alerts in a secure
> configuration ?
> 
>  TIA
> 
> Mark

-- 


Regards,



George Milliken

---------------------------------
farm9, Inc.

Online Intrusion Prevention 24x7
http://www.farm9.com
---------------------------------

Reply via email to