TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Paul, I would encourage you to contact Technical Support ([EMAIL PROTECTED]) and they can look into that for you. If it is not a known issue, reporting it will ensure it is investigated and if there is an issue, that it is scheduled for a fix. Jamie -----Original Message----- From: Paul Van Gurp [mailto:[EMAIL PROTECTED]] Sent: Tuesday, July 10, 2001 8:33 AM To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]' Subject: TFN2K TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems! ---------------------------------------------------------------------------- Hi all. I have RealSecure 5.0 and I'm pretty new to the IDS field and was wondering if the TFN2K has any false positives. The documentation describes the attack and lists there are no false positives. Does that mean if I see it, I "almost" definitely have a "zombie" on my network? Are there tools to check a system to see if a zombie exists or do I have to do a manual search on the device?? What about a DNS server...with the UDP traffic going to and coming from this device, could it be mistaken for a UDP attack from a TFN2K zombie, thus triggerring the signature in the RealSecure database. Sorry if my questions seem basic, but this is all new to me..... Thanks, Paul
