TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
ISS has informed me that TFN 2000 related to DNS (port53) is a known bug and
they are working on a solution.
> -----Original Message-----
> From: Joe Blow [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, August 03, 2000 9:33 AM
> To: Anderson, Mark H.
> Cc: '[EMAIL PROTECTED]'
> Subject: RE: RealSecure v5.0 and False Positives
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
> Everything is inbound and/or outbound traffic with TFN2000.
>
> Another signature that is generating a lot of noise is Stream_DoS. It's
> popping up during a lot of our FTP traffic.
>
> I would really like to see what the signatures are flagging on in the new
> release. They don't seem very sophisticated.
>
> -Joe
>
> ------Original Message------
> From: "Anderson, Mark H." <[EMAIL PROTECTED]>
> To: 'Joe Blow' <[EMAIL PROTECTED]>
> Sent: August 2, 2000 7:12:46 PM GMT
> Subject: RE: RealSecure v5.0 and False Positives
>
>
> Just out of curiosity...is this all internal traffic that you're
> seeing...or
> are you seeing any inbound and/or outbound traffic? Also is the DNS
> traffic
> that you're seeing - is it largely related to DNS XFERs?
>
> -----Original Message-----
> From: Joe Blow [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 02, 2000 2:51 PM
> To: Anderson, Mark H.
> Subject: RE: RealSecure v5.0 and False Positives
>
>
> I'm seeing DNS traffic too. I wish there existed the capability to tweak
> the attack signatures. This is creating my work for everyone.
>
> ------Original Message------
> From: "Anderson, Mark H." <[EMAIL PROTECTED]>
> To: 'Joe Blow' <[EMAIL PROTECTED]>
> Sent: August 2, 2000 6:27:18 PM GMT
> Subject: RE: RealSecure v5.0 and False Positives
>
>
> I have not this relating to realaudio, but I am definitely seeing alot of
> TFN2K events related to UDP port 53 traffic. I'm in the info gathering
> mode
> right now and will send some of my event logs (IP scrubbed of course) to
> ISS
> soon and see what they say about the probability of false positives.
>
>
> Mark
>
> -----Original Message-----
> From: Joe Blow [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 02, 2000 1:45 PM
> To: [EMAIL PROTECTED]
> Subject: RealSecure v5.0 and False Positives
>
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message
> to
> [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
> problems!
> --------------------------------------------------------------------------
> --
>
> Recently I have implemented the new version of RealSecure and have noticed
> that all of our realaudio traffic along with anything else that generates
> a
> lot of noisy udp traffic is generating TFN2000 events. Is anyone else
> noticing this?
>
> Sincerely,
> Scott
>
>
> -----------------------------------------------
> FREE! The World's Best Email Address @email.com
> Reserve your name now at http://www.email.com
>
>
> -----------------------------------------------
> FREE! The World's Best Email Address @email.com
> Reserve your name now at http://www.email.com
>
>
> -----------------------------------------------
> FREE! The World's Best Email Address @email.com
> Reserve your name now at http://www.email.com
>
>
>
