TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
When using the realsecure make sure to untick the box that says tag
realsecure kills in the sensor properties. If you do this the kill will
look like a standard reset rather than initiated by realsecure.
brian
-------------------------------------------------------------------
Brian Laing
Product Manager - Intrusion Detection Technologies
Internet Security Systems
UK Cellphone: +44 (0)771 264 5559
US Cellphone: +1 404 391 0589
UK Telephone: +44 (0)199 253 5918
US Telephone: +1 404 236 2709
US eFax: 208.575.1374
Internet Security Systems -- The Power to Protect
http://www.iss.net
-------------------------------------------------------------------
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 23, 2001 6:17 PM
To: [EMAIL PROTECTED]
Subject: to RealSecure_Kill or Not
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Is it a good thing to use RealSecure_Kill, or is it just letting the bad
guys know the IDS I am running without any value.
I would be interested in knowing the conditions under which compainies are
triggering RealSecure_Kill. We have what I consider an aggressive stance.
If the attack is ranked high and it is against a service or OS we run I kill
it. After an extensive set of HTTP_HEAD alerts recording someone attempting
various HTTP and cgi attacks I am considering RealSecure_Killing all
HTTP_HEAD attempts. I am concerned it would be a "feel good" act that would
tell more to the bad guy then I would deny them?
----------------------------------------------------------------
Get your free email from AltaVista at http://altavista.iname.com
