Hi, I'm not from ISS, but I know this is the expected behavior of this type of response when you are blocking (or automatically blocking using quarantine option) an IP address from a Proxy or One-to-Many NAT device, is not a bug and not only ISS works in that way, every single vendor using this kind of protection should cause the same.
Regards, Italo Tapia. Santosh Krishnamurthy <[EMAIL PROTECTED]> on Thursday, April 13, 2006 at 6:32 AM -0400 wrote: >Hi, > > Recently we have observed a bug in ISS Proventia G series IPS with >firmware 1.2 . > I would like to throw light on Quarantine rules which is available with >each and every security event signature. > > The problem out here is if we use quarantine option with any of the >HTTP related security events and if any of the Internet Expolrer client >sitting behind the proxy server generates any of these quarantine events >could lead to Denial of Service to the Internet for other legitimate >users as Proventia G100 with Firmware 1.2 would quarantine the source ip >of the proxy server thereby denying the access to other users > for a certain pre-defined time as set in the quarantine option. > > > Could any one from the ISS Forum suggest how to make better use of >Quarantine rules with Firmware 1.2 or is this bug in Firmware 1.2 which >yet not observed by anyone. > > Would appreciate some response from ISS Forum. > > Thanks and Regards, > > Santosh Krishnamurthy > > >--------------------------------- >How low will we go? Check out Yahoo! Messengers low PC-to-Phone call >rates. >_______________________________________________ >ISSForum mailing list >[email protected] > >TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to >https://atla-mm1.iss.net/mailman/listinfo/issforum > >To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] > >The ISSForum mailing list is hosted and managed by Internet Security >Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
