TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
John:
2 Answers.
1st. Actually, we are at RS 5.5 now. If you're still in the maintenance
period (check you license), then you may download the upgrade from the iss
web site.
2nd. Is the monitoring NIC attached to a switch? If so, you will not see
any traffic. RS is designed to work in a hub environment and if you are in
a switched environment, then you must amalgamate the switched traffic.
There are white papers on the ISS web site or you can get them by bugging
your ISS salesperson. The raw packet driver is installed invisibly during
Network Sensor installation, so if you have the sensor installed, you have
the raw packet driver also. Also, if the policy you are running (default?)
doesn't catch any events (no attacks), then there won't be any alerts to the
console. One way to "just make sure" is to go into the Console View menu,
open up the Options choice, and turn on all the detector errors, warnings,
and infos. Then you will see (at least) the sensor activities. But the big
things are NO TRAFFIC, NO ALERTS and NO ATTACKS, NO ALERTS.
James R Lindley
Anomaly Detection Xpert
Global Surveillance and Reconnaisance Group
Managed Security Services Special Operations Group
Internet Security Systems, Inc.
Vox: 678-443-6323
Fax: 678-443-6476
An unquenchable thirst for Pierian waters.
Internet Security Systems: The Power To Protect.
-----Original Message-----
From: Smith John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 8:06 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RealSecure Console/Detector
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
2 ?'s
1st.
Is there a RealSecure Console/Detector version 5.0, or
is it still at 3.2.2.
2nd.
NIDS setup. I have the Detector box (contains 2 NIC's)
sitting in permiscuous mode on our line. I've the 1st
NIC communicating with the Console box which the
Detector it's directly connected to. The 2nd NIC is
the one set to permiscuous. Now i have the
console/detector communicating with each other, but
nothing is being seen from the network traffic. Now i
did read the instructions (maybe i missed a step), but
in it, the installation mentions a "ISS Raw Packet
Driver" will be installed during the setup. After
repeating the install/uninstall several times, i'm
about to "accidentaly" tip it to the floor.
someone point me in the right direction. thanks in
advance.
Jason
__________________________________________________
Do You Yahoo!?
Yahoo! Messenger - Talk while you surf! It's FREE.
http://im.yahoo.com/
