it looks like you got the server sensor honeypot service for http enabled. This will result in the server sensor sending a banner screen when receiving http requests. This would cause a port conflict on your web server. Depending on the startup sequence, the real web server or the fake instance will grab the port. Please edit your policy and disable the corresponding entry in Protect?Connections?User Defined Suspect Connections.
Karl
Mustapha Huneyd schrieb:
Realsecure Server sensor for Solaris 6.5
Solaris 8.0 running Web server
Cisco Load balencing switch.
2 instances of the Web servers running on two physical systems behind the load balencing switch. Each server has server sensor installed.
A strange instance of ISS server sensor (banner feature) responding on behalf of a shutdown web server daemon was noticed in our setup. This confuses the Cisco load balencing switch to understand that both web servers are available and it still sends requests to the shutdown web server resulting in users not being able to access the site.
Issue is resolved the ISS server sensor daemon is shutdown on the server where the web service is not available.
Has anyone noticed such a behavior and have workarounds?
regards
Mustapha
MUSTAPHA HUNEYD, CISSP.
Emirates Telecommunications Corporation
NETWORK & INFORMATION SECURITY
Mob:+971506625859 Tel: +97126184804
------------------------------------------------------------------------ From: [EMAIL PROTECTED] on behalf of Andrew Plato Sent: Sat 1/31/2004 1:06 PM To: [EMAIL PROTECTED] Subject: [ISSForum] Problems with adaptive profiles for RS Desktop
I've been working with ISS support on this issue but they do not have a solution yet. I have numerous furious customers so I thought I'd see if anybody else is experincing these issues.
I have a whole collection of customers who cannot get Adaptive Profiles working. The problem is the VPN group.
The documentation says to use the external IP of the VPN concetrator/firewall for the VPN adresses for the VPN adaptive profile. But when we use this, it doesn't work. Agents on VPN connections remain in default.
So, we tried putting the Virtual IP range assigned to the VPN clients into the VPN rules. Nothing, remains in default.
What's weird, is that when we put the virtual range into corpnet - the agent switches into corpnet just fine.
Has anybody seen this behavior. Do you have ANY suggestions?
Thanks.
___________________________________ Andrew Plato, CISSP President/Principal Consultant Anitian Enterprise Security
503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com ___________________________________
_______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
-- ______________________________________________________
BDG GmbH & Co. KG - Make IT safe. Stolberger Str. 307 D-50933 Koeln
Tel: +49 (0)221-954231-0 direkt: +49 (0)6126-94433-21 Fax: +49 (0)6126-94433-31
E-Mail: [EMAIL PROTECTED] Web: www.bdg.de ______________________________________________________
_______________________________________________ ISSForum mailing list [EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
