TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hi all. I have RealSecure 5.0 and I'm pretty new to the IDS field and was wondering if the TFN2K has any false positives. The documentation describes the attack and lists there are no false positives. Does that mean if I see it, I "almost" definitely have a "zombie" on my network? Are there tools to check a system to see if a zombie exists or do I have to do a manual search on the device?? What about a DNS server...with the UDP traffic going to and coming from this device, could it be mistaken for a UDP attack from a TFN2K zombie, thus triggerring the signature in the RealSecure database. Sorry if my questions seem basic, but this is all new to me..... Thanks, Paul
