Network Security: Detailed info on Re: [ISSForum] Backdoor testing on Preventia G2000

Subject:	Re: [ISSForum] Backdoor testing on Preventia G2000
Date:	Thu, 13 Oct 2005 16:35:40 +0200

Ricardo,

I havent tested this with G2000, however from my experience PAM will not 
fire the bo2k event if you are shooting it in the blue sky, i.e. if 
there is no trojan listening at the backend. I believe this is because 
of the nature of PAM to prevent false pos and report real world events 
only. However certain scanners may trigger the event, which would proove 
my theory to be wrong. My guess is the behaviour is something in between.
In fact it is more difficult to pentest a G2000 vs. other sensors cause 
you may have to prepare some real world hacks rather than pretending to 
be the bad guy!

Regards
Karl
Ricardo Vargas Lopez schrieb:

Hi Gurus:

 

We are testing the proventia G2000  in-line protection mode but it doesn't
recognize the bo2k.exe that is an backdoor program to testing this attack. 

 

Do you have suggestions about what is the correct form to how to configure
the proventia G2000?

 

Thanks in advance.

 

 

RV

 

 

_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.



-- 
  Karl-Heinz Jaeger
Manager Customer Services

______________________________________________________________

Schützen Sie Ihr Netz von Innen. - Sensibilisieren Sie Ihre Mitarbeiter
für IT-Sicherheit.
Erfahren Sie alles über unser kostenloses Security Awareness Training
unter: http://www.open-beware.de

Besuchen Sie unseren IDP-Workshop am 16.November 2005 in Frankfurt.
Informieren Sie sich hier: http://www.bdg.de/

Treffen Sie am 19. jeden Monats IT-Sicherheits-Experten beim
BDG-Security-Point!
Alle Informationen finden Sie hier: http://www.bdg.de/security-point

______________________________________________________________

* BDG GmbH & Co. KG - Make IT safe.
* Stolbergerstr. 307
D-50933 Koeln

Tel:      +49 (0)6126-94433-0
Fax:    +49 (0)6126-94433-31

E-Mail: karl.jaeger@bdg.de <mailto:karl.jaeger@bdg.de>
Web:   www.bdg.de <http://www.bdg.de>

______________________________________________________________


_______________________________________________
ISSForum mailing list
ISSForum@iss.net

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to 
https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@iss.net

The ISSForum mailing list is hosted and managed by Internet Security Systems, 
6303 Barfield Road, Atlanta, Georgia, USA 30328.

<Prev in Thread]	Current Thread	[Next in Thread>
[ISSForum] Backdoor testing on Preventia G2000, Ricardo Vargas Lopez Re: [ISSForum] Backdoor testing on Preventia G2000, jaeger <=

Previous by Date:	[ISSForum] Sending high alerts to a flatfile or Tivoli, Reiver
Next by Date:	Re: [ISSForum] Site Protector 2.0 Backup / Restore, Duncanson, Robert
Previous by Thread:	[ISSForum] Backdoor testing on Preventia G2000, Ricardo Vargas Lopez
Next by Thread:	[ISSForum] Raising the severity of POP3_Auth_Failed if it pass a thershold, hic sonni
Indexes:	[Date] [Thread] [Top] [All Lists]