TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
The RealSecure_Kill event signifies that another RealSecure Network Detector
has issued a TCP RST to a host attempting unauthorized access. This will
disconnect the host attempting unauthorized access. RealSecure_Kill will
not defend your network against UDP or ICMP based events. The
RealSecure_Kill is solely used to defend networks from unauthorized access.
The RealSecure Console can be configured to notify users of incoming
RealSecure_Kill events. When dealing with RealSecure_Kill events on your
network there are several items to consider. Since the RealSecure_Kill event
is not an attack there is no cause for immediate alarm. If the event is not
interfering with your business process or network
then it can safely be ignored. To illustrate, you should first gather all of
the important information.
If the RealSecure_Kill is directed at Port 25 or Port 80 then a remote
Engine is more than likely disconnecting the target IP from a busy network.
(ie, some Security Admins have their RealSecure misconfigured for SYNFlood).
Cheers,
Brian Fitch
ISS IDS Named Accounts Engineer
-----Original Message-----
From: Sean Waddell [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 29, 2001 1:34 PM
To: ISS Forum
Subject: RealSecure_Kill
Can anyone tell me a little more about the RealSecrue_Kill event?
Should I be watching these very closely? How have you handled the
event? Is there any vulnerability? Any info would be great. Thanks.
