TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Brian,
Not sure if this is an answer to your question but you can set up a 'user
defined' alert to echo some alert info to a text file, which can be
picked up and parsed and processed by nearly anything. The only
problem is there are only (RS 3.x) a few (5 or so) things that can be
parameters to the user defined event, so they're kinda limited.
George
Brian Tan Wee Beng wrote:
>
> Is there any script that can be used such that the console is sending the mail
>instead???
>
> Cheers
>
> --
>
> On Thu, 3 Aug 2000 14:58:58 Lindley, Jim (ISSAtlanta) wrote:
> >
> >
> >George et al:
> >
> >The TCP RST packets ARE generated by the "stealth" NIC, since that is the
> >NIC on the monitored network. Since the IP/MAC address information is
> >available to RS from BOTH ends of the suspect TCP session, RS builds TWO
> >spoofed TCP RST packets using the IP/MAC information and sends each end of
> >the suspect TCP session a TCP RST that purports to come from the other end
> >of the session. Therefore, each end of the session being RSTed believes the
> >other end called off the conversation. These TCP RST packets are the ONLY
> >output ever issued by the stealth NIC. All other responses that require
> >communication are generated by the "reporting" NIC and sent to the network
> >on which the monitoring RS Console is placed. If that network has no exit
> >point for SNMP/SMTP/pagers/etc, then you have an "out-of-band" network,
> >which is more secure BUT you lose the ability to use the SMTP/SNMP/pager
> >responses.
> >
> >James R Lindley
> >Anomaly Detection Xpert
> >X-Force Surveillance and Response Unit
> >Managed Security Services
> >Internet Security Systems Inc
> >Vox: 678-443-6323
> >Fax: 678-443-6482
> >An unquenchable thirst for Pierian Waters.
> >
> >Internet Security Systems - The Power To Protect.
> >-----Original Message-----
> >From: George Milliken [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, August 02, 2000 6:57 PM
> >To: Mark S. Velasquez
> >Cc: [EMAIL PROTECTED]
> >Subject: Re: **RealSecure 5.0 & E-Mail Alerts**
> >
> >
> >
> >
> >For that matter, how do TCP RS KILLs happen across the "secure" stealth
> >interface?
> >
> >We have puzzled on this much recently. We assume the emails go out
> >over the internal interface but I have not verified that via sniffer.
> >
> >But, how do the resets happen??? There is no guarantee that the
> >internal interface can route packets back to the stealth (outside) side
> >of the network.
> >
> >Anybody got a clue?
> >
> >
> >
> >
> >
> >"Mark S. Velasquez" wrote:
> >>
> >>
> >> I've installed RealSecure 5.0. The Network Sensors are installed on
> >> Sparc Solaris 7.0 platforms with the monitoring interface in stealth
> >> mode( no IP assigned to it, no arp, etc.), and a second interface on a
> >> private Network to the monitoring Console.
> >>
> >> My question concerns E-Mail Responses. I'd assumed that the monitoring
> >> console sent them. From reading the manual it appears that the Network
> >> Sensor sends them...if so how is this supposed to work in a secure
> >> setup( it can't send via the stealth-configured interface... and the
> >> other interface connects directly to the Monitoring Console. ).
> >>
> >> How is everyone else sending E-Mail responses/alerts in a secure
> >> configuration ?
> >>
> >> TIA
> >>
> >> Mark
> >
> >--
> >
> >
> >Regards,
> >
> >
> >
> >George Milliken
> >
> >---------------------------------
> >farm9, Inc.
> >
> >Online Intrusion Prevention 24x7
> >http://www.farm9.com
> >---------------------------------
> >
> >
> >
> >
>
--
Regards,
George Milliken
---------------------------------
farm9, Inc.
Online Intrusion Prevention 24x7
http://www.farm9.com
---------------------------------
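
One way to do what George describes at the top of this message (a text file written by the user-defined response, picked up and mailed from the console side), as an added example that is not from the thread or from ISS. It assumes the response echoes one pipe-separated line per alert with the five fields named in `FIELDS`; that layout, the field names and the function names are assumptions.

```python
import os
from email.message import EmailMessage

# Assumed field order of each echoed line (hypothetical; the thread does not
# name the real parameters available to the user-defined response).
FIELDS = ("time", "event", "src", "dst", "priority")

def read_new_alerts(path, offset):
    """Return (alerts, rejects, new_offset) for complete lines past byte offset."""
    if os.path.getsize(path) < offset:   # file truncated or rotated: start over
        offset = 0
    with open(path, "rb") as fh:
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1          # skip a half-written final line
    alerts, rejects = [], []
    for raw in data[:end].splitlines():
        line = raw.decode("ascii", "replace").strip()
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == len(FIELDS) and all(parts):
            alerts.append(dict(zip(FIELDS, parts)))
        elif line:
            rejects.append(line)         # keep malformed lines for review
    return alerts, rejects, offset + end

def clean(text):
    """Drop control characters: alert fields come from monitored traffic."""
    return "".join(c for c in text if c.isprintable())

def build_mail(alerts, sender, recipient):
    """Build one digest message; call only with a non-empty alert list."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = clean(f"[IDS] {len(alerts)} alert(s), first: {alerts[0]['event']}")
    msg.set_content("\n".join(
        clean(" ".join(f"{k}={a[k]}" for k in FIELDS)) for a in alerts))
    return msg

if __name__ == "__main__":
    import tempfile
    # Constructed sample lines, not real sensor output.
    with tempfile.NamedTemporaryFile("wb", suffix=".txt", delete=False) as f:
        f.write(b"2000-08-03 14:58:58|HTTP_Test|192.0.2.10|198.51.100.5|high\n"
                b"garbled\n")
    alerts, rejects, offset = read_new_alerts(f.name, 0)
    print(build_mail(alerts, "ids@example.test", "soc@example.test"))
    print("rejected:", rejects, "next offset:", offset)
```

Run it on a host that can reach the mail relay, hand the message to `smtplib.SMTP(host).send_message(msg)`, and store the returned offset between runs so each alert is mailed once.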