TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Thanks a lot Brian... you know I had just installed my RealSecure, and had downloaded the newest Service Release and Micro Updates, but I hadn't installed those yet. I'll do that right away.

Thanks again.

Paul

> -----Original Message-----
> From: Fitch, Brian (ISSAtlanta) [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, July 11, 2001 7:34 AM
> To: 'Paul Van Gurp'; '[EMAIL PROTECTED]'
> Subject: RE: TFN2K
>
> RealSecure 5.0 with no updates applied will false positive TFN2k on DNS
> traffic (port 53). Upgrading to Service Release 1.1 should reduce or
> eliminate the TFN2k false positives.
>
> Cheers,
>
> Brian Fitch, IDS Named Accounts Engineer
> Internet Security Systems, Inc.
>
>
> -----Original Message-----
> From: Paul Van Gurp [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, July 10, 2001 8:33 AM
> To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
> Subject: TFN2K
>
> Hi all.
>
> I have RealSecure 5.0 and I'm pretty new to the IDS field and was
> wondering if the TFN2K has any false positives. The documentation
> describes the attack and lists there are no false positives. Does that
> mean if I see it, I "almost" definitely have a "zombie" on my network?
> Are there tools to check a system to see if a zombie exists or do I have
> to do a manual search on the device? What about a DNS server... with the
> UDP traffic going to and coming from this device, could it be mistaken
> for a UDP attack from a TFN2K zombie, thus triggering the signature in
> the RealSecure database?
>
> Sorry if my questions seem basic, but this is all new to me.
>
> Thanks,
>
> Paul
