[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] Real Desktop ICMP Questions

Hi All,
I have a few small questions to the real desktop product:

1) I would like to get log entries in the "View Security Events"
    for ICMP packets. I have enabled the available ICMP blocking.
    I see every day in my auditing work how dangerous ICMP can be and
    therefore I will be noticed if anybody sends me ICMP Packets.

2) Why are not all ICMP Types/Codes available?
   I miss for example TIMESTAMP and MASKREQ in the GUI?
   In the Blackice versions was it possible trough a manual Entry
   in the firewall.ini to add this.
   REJECT, 13:0, ICMP TIMESTAMP, 2001-10-15 00:01:00, PERPETUAL, 1000,
   REJECT, 17:0, ICMP MASKREQ, 2001-10-15 00:01:00, PERPETUAL,
   If i add this both in the Real Desktop firewall.ini works the
   but not the viewer.

3) Is it possible how by the proventias to add snort rules to the RSDP?
   In the moment is the RSDP not capable to catch for example the
   In my proventias got I this signature with the XPU 2.25.
   I thought until this case that both (proventia and rsdp) have the
   same engine?
   For such cases would it be very helpfull if I could customize RSDP
   with trons rules (only if neccessary).

4) Exist a List of possible values what I can modify how the Info
   Advanced Tuning Parameters for the proventia?

Best Regards
  Forum User

ISSForum mailing list

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.