Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security ISSForum
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ISSForum] Realsecure Server Sensor - Network Filtering

from [dmsimpson] Network Security [Permanent Link]
Subject: RE: [ISSForum] Realsecure Server Sensor - Network Filtering
Date: Fri, 8 Oct 2004 09:08:34 -0400 
Unfortunately that filtering method is for the BlackICE (Desktop 
Protector) client and not for RealSecure Server Sensor. 

Thanks,

David M Simpson
Risk Management Enterprise Security
Intrusion Detection Lead
American Electric Power
614.716.3139
dmsimpson@aep.com




"Anderson, Mike" <Mike_Anderson@centraltechnology.net>
10/08/2004 09:02 AM

 
        To:     "'dmsimpson@aep.com'" <dmsimpson@aep.com>, Michael Nurre 
<mnurre@americanbank.com>
        cc:     issforum@iss.net
        Subject:        RE: [ISSForum] Realsecure Server Sensor - Network 
Filtering


I would have to respectfully disagree.. 

From the Blackice Advanced Administration Gudie.. 

trust.pair 
Description This parameter defines IP address-signature pairs that an 
agent ignores. An agent ignores 
a specific attack from a specific IP address. 
Values IP address (or range) and signature pairs 
Default none 
Example trust.pair = 192.68.0.1,2002703 
You would just have to find the issue id for the event you were interested 
in; once you find that, once you find that, you can edit the blackice.ini 
file with the above information.
Hope this helps.. 
-----Original Message----- 
From: issforum-bounces@iss.net [mailto:issforum-bounces@iss.net]On 
Behalf Of dmsimpson@aep.com 
Sent: Friday, October 08, 2004 6:49 AM 
To: Michael Nurre 
Cc: issforum-bounces@iss.net; issforum@iss.net 
Subject: Re: [ISSForum] Realsecure Server Sensor - Network Filtering 

No you cannot.  I have actually been requesting this from ISS for a little 

over three years. 
Thanks, 
David M Simpson 
Risk Management Enterprise Security 
Intrusion Detection Lead 
American Electric Power 
614.716.3139 
dmsimpson@aep.com 



"Michael Nurre" <mnurre@americanbank.com> 
Sent by: issforum-bounces@iss.net 
10/07/2004 03:48 PM 
  
        To:     issforum@iss.net 
        cc: 
        Subject:        [ISSForum] Realsecure Server Sensor - Network 
Filtering 

Does anyone know if it is possible to filter out specific IP addresses for 

different signatures on the Server Sensor 7.0 like you can with the 
Network Sensor? I would think it possible by editing some of the ini files 

under the BlackIce directory on the server sensor installation. 
_______________________________________________ 
ISSForum mailing list 
ISSForum@iss.net 
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum 
To contact the ISSForum Moderator, send email to mod-issforum@iss.net 
The ISSForum mailing list is hosted and managed by Internet Security 
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328. 

_______________________________________________ 
ISSForum mailing list 
ISSForum@iss.net 
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum 
To contact the ISSForum Moderator, send email to mod-issforum@iss.net 
The ISSForum mailing list is hosted and managed by Internet Security 
Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.

**************************************************************************************************
Note: 
The information contained in this message may be privileged and 
confidential and 
protected from disclosure.  If the reader of this message is not the 
intended recipient, 
or an employee or agent responsible for delivering this message to the 
intended 
recipient, you are hereby notified that any dissemination, distribution or 
copying of this 
communication is strictly prohibited. If you have received this 
communication in error, 
please notify us immediately by replying to the message and deleting it 
from your 
computer. 
**************************************************************************************************


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [ISSForum] Realsecure Server Sensor - Network Filtering, Anderson, Mike
Next by Date:  AW: [ISSForum] Realsecure Server Sensor - Network Filtering, Mohr James
Previous by Thread:  RE: [ISSForum] Realsecure Server Sensor - Network Filtering, Anderson, Mike
Next by Thread:  RE: [ISSForum] Realsecure Server Sensor - Network Filtering, Andrew Plato
Indexes:  [Date] [Thread] [Top] [All Lists]