TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED]  Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------

Real Secure SYNFLOOD events will always show up as
source 0.0.0.0. This is because the assumption is the
source address is spoofed (hence the SPOOFED address
in the event description field).

When speaking to the Real Secure help desk I was told
this event may be generating false positives because
the server takes longer to complete the TCP/IP
connection than allowed for in the event signature. If
this is happening a lot, you can raise the threshold
level (High Water Mark in Advanced Tab).

Mike Ungar, CISSP, CPA, CISA
 
--- "Earley, Rickey D. CPL" <[EMAIL PROTECTED]>
wrote:
> 
> I have noticed in the last few days that I am
> getting a SYNFLOOD error. The
> Dest. Address is to a network printer and the source
> is 0.0.0.0 with info
> saying SPOOFEDSRC and then the IP address. Is there
> ANY reason I would be
> getting this from a network printer?? The source
> port is "any" and dest.
> port is "printer". The SPOOFEDSRC is outside of my
> network. Any help :-)
> 
> 
> Rickey Earley
> SPC, USA
> 93rd Signal Brigade Automation
> 706-791-9305
> DSN 780-9305
> [EMAIL PROTECTED]
> 
> 


