TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi Marc
Yes, I have done this about once a month over the past six months and
usually get a response from ISS. I guess it depends on the ISS Tech Support
engineer that gets assigned to your problem when you contact them. Some are
helpful and others are not. Most of the time, the problem appears to be with
a company setting RS Kill response to a SYNFlood event and their SYNFlood
event parameters� (HighWaterMark & PacketsPerEvent) values are set low (or
the default settings) causing retransmitted TCP packets to trigger a
SYNFlood event (false positive) and RS Kill response. Brian Laing�s message
describes this problem with busy web servers and HTTP. I�ve also seen this
happen with SMTP. Further, I know that some companies generate an RS Kill
response if they detect SMTP traffic containing a virus.
Cheers,
Bruce
-----Original Message-----
From: Marc Class [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 14, 2000 9:55 PM
To: Weir, Bruce
Cc: [EMAIL PROTECTED]
Subject: RE: RealSecure Kill
Hi Bruce
Have you actually done this ??
We occasionaly also receive RS Kills and I would be
interested in finding out
why they are generated but I got a different story from ISS.
Cheers
MARC
>===== Original Message From "Weir, Bruce"
<[EMAIL PROTECTED]> =====
>TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of
your message to
>[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help
with any problems!
>---------------------------------------------------------------------------
-
>
>Contact ISS Customer Support. They have the contact
information for all the
>Custids. ISS will not tell you the name of company that the
Custid belongs
>to, however, they will contact the them and ask why the RS
Kill was
>generated. ISS will ask you to send an email message with a
copy of the RS
>Kill event (email alarm, etc.) attached. After ISS contacts
the company, RS
>Kill traffic usually stops.
>
>Bruce
>
>
> -----Original Message-----
> From: Fleck, Michael
[mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 11, 2000 5:15 PM
> To: '[EMAIL PROTECTED]'
> Cc: Briese, Charles (Chuck)
> Subject: RealSecure Kill
>
>
> TO UNSUBSCRIBE: email "unsubscribe issforum"
in the body of
>your message to
> [EMAIL PROTECTED] Contact
[EMAIL PROTECTED] for help
>with any problems!
>
>---------------------------------------------------------------------------
-
>
> Occasionally pick up RealSecure Kill entries
in my Sensor
>loges. How can I
> reference the Custid back to a warm body to
inquire why the
>Kill was
> generated.
>
> > Michael Fleck
> > Internet Infrastructure Security
> > Compaq Computer Corporation
> > 20555 SH 249 ( MC 020303 )
> > Houston, TX 77070
> > Telephone: (281) 518-7067
> > Pager: (713) 762-8464
> >
> >
MNET Australia Pty. Ltd.
Melbourne - Beautiful one day Overcast the next
Australia
[EMAIL PROTECTED]
