1. Configure those 2 events to fire off a RSKILL. or 2. Configure those 2 events to fire off a OPSEC response (Doesn't work as advertised) or 3. If it's hitting your DMZ and you don't run IIS in there, then you may just want to ignore it.
Kevin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 15, 2002 3:22 AM To: [EMAIL PROTECTED] Subject: [ISSForum] Real Secure 6.5 Hi We use Real Secure 6.5 with XPU 5.4 network sensor. Yesterday I found the high risk level of HTTP_Code_Red and HTTP_Nimda_Worm from many source IP address. How do we kill this packet type from real secure itself or do we send some command to block traffic at firewall? We appreciate your help. Regards, Wanchai Teppichaiyanond Senior Manager Technology Production Department Bankthai Public Company Limited Tel. 0-2626-7334 Fax. 0-2626-7333 e-mail : [EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
