TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

I have seen many, many emails about Synfloods since I joined this list about 18 months ago,

Some positive, some negative, occasionally ISS get fed up :) and post the How-To 
document on tuning the decode.

But still, there are complaints about the decode.

Let's all help ISS enhance the decode then, if we as a group list in this forum what we 
would like to see as triggers or conditions under which the decode would operate. 
Hopefully the guys who work in enhancements are paying attention to what goes on here 
as this takes place!!

Regards

Stephen Cooper

Stephen Cooper
Senior Security Analyst
Security & Architecture Group
Information Technology Services
Bank for International Settlements
Voice: +41 61 2806792
Fax: +41 61 2809100


>>> "Bartholomew, Brian J" <[EMAIL PROTECTED]> Thursday 19, July, 2001 14:20:57 >>>


Neil,
        In my experience, SYNfloods are one of the worst false positives
known to man.  This is one signature that I have had to turn off on many
occasions because it doesn't work.  Even with the xpress updates installed,
we still have always received these alerts.  Check with ISS to be sure, but
I am almost certain that this is an admitted (by ISS) false positive with no
known resolution.  Hope this helps.

Brian J. Bartholomew
U.S. Dept of State, Bureau of Diplomatic Security
Computer Incident Response Team
(202)663-2304





