[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Real Desktop ICMP Questions



Hi All,
 
I have a few small questions to the real desktop product:

1) I would like to get log entries in the "View Security Events"
    for ICMP packets. I have enabled the available ICMP blocking.
    I see every day in my auditing work how dangerous ICMP can be and
    therefore I will be noticed if anybody sends me ICMP Packets.

2) Why are not all ICMP Types/Codes available?
   I miss for example TIMESTAMP and MASKREQ in the GUI?
   In the Blackice versions was it possible trough a manual Entry
   in the firewall.ini to add this.
   REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000,
   unknown
   REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL,
   1000,unknown
   If i add this both in the Real Desktop firewall.ini works the
   blocking
   but not the viewer.

3) Is it possible how by the proventias to add snort rules to the RSDP?
   In the moment is the RSDP not capable to catch for example the
   HTTP_IE_ADODB_Stream_SaveToFile
   In my proventias got I this signature with the XPU 2.25.
   I thought until this case that both (proventia and rsdp) have the
   same engine?
   For such cases would it be very helpfull if I could customize RSDP
   with trons rules (only if neccessary).

4) Exist a List of possible values what I can modify how the Info
   Advanced Tuning Parameters for the proventia?

Best Regards
Peter
-- 
  Forum User
  issforum@xxxxxxxxxxx

_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.