I have an internal and an external sensor. Both sensors are picking up Netsky virus activity from the same external address. My outside sensor is set up to shun those addresses. Shouldn't that prevent any signatures from passing through the firewall?
I upgraded to 4.1-3-S61 and am now getting several rf poison signatures through the internal network. Does anybody know what process might trigger this alert and how to filter it other than disabling the sig?
I have a 2610 router as my gateway. I want to block an IP range from passing through. I have been under a constant flow of MSSQL Command sigs and want to block the entire 61.0.0.0 network. What is the syntax for the access list? I have "access-list...
I have recently installed a 4235 sensor. I am not getting any activity on the sniffer port. I have moved the cables around but still have no luck. How do I edit the packetd.conf file to make sure the settings are correct?
The theory makes sense, but I have already scanned all internal systems for any virus/worm activity and the inside sensor is not picking up any internal activity.
I do not have a sniffer to analyze the traffic. My attack numbers aren't quite as high as yours but are rapidly climbing daily. I too have ruled out a misconfiguration, as my sensor is outside the network with inbound traffic being detected.
3.1-3-S37
That is how I have the cables plugged in. There is only a link light on port 2 with activity; port 1 has no lights at all. When the sensor boots I see some error concerning the Ethernet, but it passes too fast to read.
Just set a port scan to high and block, and run that scan from an outside source. I have all port scans set to high severity and to automatically block, and it works great. Don't forget to add your IPs that you don't want blocked to your sensor config...