What is the most effective and stealthy manner of stopping a connection? If you send an RSKILL, does that send a reset for the connection and indicate that there is defensive action being taken? If you were to deny the offending IP address at the firewall, wouldn't that just make the destination unreachable and possibly make it look like the site is down? I am kind of new to this and am exploring the same things.

Kris

-----Original Message-----
From: Rosel, Kevin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 1:23 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: [ISSForum] Real Secure 6.5

1. Configure those 2 events to fire off a RSKILL.
or
2. Configure those 2 events to fire off an OPSEC response (Doesn't work as advertised)
or
3. If it's hitting your DMZ and you don't run IIS in there, then you may just want to ignore it.

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 3:22 AM
To: [EMAIL PROTECTED]
Subject: [ISSForum] Real Secure 6.5

Hi

We use Real Secure 6.5 with XPU 5.4 network sensor. Yesterday I found the high risk level of HTTP_Code_Red and HTTP_Nimda_Worm from many source IP addresses. How do we kill this packet type from Real Secure itself or do we send some command to block traffic at firewall? We appreciate your help.

Regards,
Wanchai Teppichaiyanond
Senior Manager
Technology Production Department
Bankthai Public Company Limited
Tel. 0-2626-7334 Fax. 0-2626-7333
e-mail : [EMAIL PROTECTED]

_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
