TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hello all,
This made it to me in a round about way. Jim's statements about server
sensor and OS sensor are correct, but I'd like to clarify a point about
server sensor.
RealSecure server sensor (now available for NT and Solaris) does bind to
system IP stack at the low monitoring level so Dr. Koros' question about how
we work with multiple NICs is relevant. The answer is that we bind to all
system NICs and watch traffic from all active NICs on the protected system.
regards,
sheila droski
Product Manager
Internet Security Systems
-----Message d'origine-----
De: Lindley, Jim (ISSAtlanta) [SMTP:[EMAIL PROTECTED]]
Date: mercredi 15 novembre 2000 21:30
A: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Objet: RE: Two IP addressess in the same NIC
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----
RS Server Sensor is neither NIC nor IP bound. It does its work just above
Datalink (NDIS) and just below Application layer(s).
James R Lindley
Anomaly Detection Xpert
Global Surveillance and Reconnaisance Group
Managed Security Services Special Operations Group
Internet Security Systems, Inc.
Vox: 678-443-6323
Fax: 678-443-6476
An unquenchable thirst for Pierian waters.
Internet Security Systems -- The Power to Protect
Confidentiality Notice: This message is being sent by or on behalf of a
network security professional. It is intended exclusively for the
individual
to whom it is addressed. This communication may contain information that is
proprietary, privileged or confidential. If you are not the named addressee
(to or cc), you are not authorized to read, print, retain, copy or
disseminate this message or any part of it. If you have received this
message in error, please notify the sender immediately by e-mail and delete
all copies of the message.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 15, 2000 2:01 PM
To: [EMAIL PROTECTED]
Cc: Lindley, Jim (ISSAtlanta)
Subject: RE: Two IP addressess in the same NIC
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----
Hi everybody,
I wonder what is the situation when RS Server Sensor is used on a host with
more than one NIC or IP address?
Dr. Zsolt Koros
director of NOREG Ltd.
phone/fax: +36-1-488-0427
-----Original Message-----
From: Lindley, Jim (ISSAtlanta) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 07, 2000 11:13 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: Two IP addressess in the same NIC
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----
Adrian:
RS OS Sensors don't work with IP addresses. Rather, the OS Sensor parses
various audit log streams (NT, syslog, etc.) So you can have many NICs
with
many IPs on a Server, and OS Sensor could care less, because it is working
at the Operating System audit log level. As for why an RS Consol cannot
contact the OS Sensor, that is something that should be explored with
[EMAIL PROTECTED] by sending them as much information about your problem as
possible.
James R Lindley
Anomaly Detection Xpert
Global Surveillance and Reconnaisance Group
Managed Security Services Special Operations Group
Internet Security Systems, Inc.
Vox: 678-443-6323
Fax: 678-443-6476
An unquenchable thirst for Pierian waters.
Internet Security Systems -- The Power to Protect
Confidentiality Notice: This message is being sent by or on behalf of a
network security professional. It is intended exclusively for the
individual
to whom it is addressed. This communication may contain information that is
proprietary, privileged or confidential. If you are not the named addressee
(to or cc), you are not authorized to read, print, retain, copy or
disseminate this message or any part of it. If you have received this
message in error, please notify the sender immediately by e-mail and delete
all copies of the message.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, November 06, 2000 2:56 PM
To: [EMAIL PROTECTED]
Subject: Two IP addressess in the same NIC
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
------------------------------------------------------------------------
----
Hello all,
I need to know if it is possible to have a OS Sensor working with two IP
addressess because the console cannot contact it!
any ideas?
thanks
Adrian Saavedra D.
Consultor en Seguridad Informatica
SCITUM Consulting
Tel. (52) 55340062 ext. 4003
[EMAIL PROTECTED]
