TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
I just had a Mstream_Master pop up on my console so I was a little concerned
when I saw it. After looking at the event info it was just some user
accessing one of my web servers. The destination port happened to be 12754
(port 12754 is used for mstream).
Is port 12754 all this attack signature looks for?
-Joe
------Original Message------
From: "Neil Long" <[EMAIL PROTECTED]>
To: Jared Tabb <[EMAIL PROTECTED]>, Joe Blow <[EMAIL PROTECTED]>,
[EMAIL PROTECTED]
Sent: August 3, 2000 10:19:17 AM GMT
Subject: Re: RealSecure v5.0 and False Positives
Just to confirm a similar blizzard of false TFN2000 alerts - again a
mix of genuine DNS udp requests and audio/video streams (bbc.co.uk does
it here).
How does anyone get hold of the Xpress Updates if the management
console is on a non-routeable network (i.e. secure out of band)?
If I use a non-master console which I could temporarily connect to
routeable feed then the Xpress_Updates option disappears off the sensor
menu.
Is the MicroUpdate 1.1 for v5.0 available other than via the console
app?
Thanks
Neil
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dr Neil J Long, Computing Services, University of Oxford
13 Banbury Road, Oxford, OX2 6NN, UK Tel:+44 1865 273232 Fax:+44 1865 273275
EMail: [EMAIL PROTECTED]
PGP: ID 0xE88EF71F OxCERT: [EMAIL PROTECTED] PGP: ID 0x4B11561D
-----------------------------------------------
FREE! The World's Best Email Address @email.com
Reserve your name now at http://www.email.com
