Re: [FW1] OT - Real Secure false positives?

Exactly. Ping is not session oriented and may not be captured even by a cleanup rule. SYN attacks can be sent in a manner that also does not actually attempt to open a connection so the firewall won't pick them up either. If you are interested in seeing how this is done, pick up a copy of _Hacking Exposed_.

The purpose of an IDS system is exactly what you are seeing; catch what the firewall doesn't. You are now part of the "ones who know" what is really going on on the Internet.

If anyone else is worried about this and would like to see a strong/inexpensive product for IDS, email me and I'd be happy to talk to you about becoming "one who knows" too (shameless sales). RealSecure is a great product for a very large wallet. Happy to sell you that for increased margin, but I'd love to give you some alternatives.

And you thought I was just a trainer!

----- Original Message -----
From: "Tom Sevy" <[email protected]>
To: "Check Point FW List (E-mail)" <[email protected]>
Sent: Tuesday, September 26, 2000 12:39 PM
Subject: [FW1] OT - Real Secure false positives?

> With recent versions of Real Secure, how likely are you to see false
> positives?
>
> I am seeing PingFlood, SynFlood, TFN2000 warnings, but when I check them, I
> never find them in my FW logs.
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================