TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Marcel!
Open your policy with a text editor (like WordPad)
Scroll down to the very bottom to this area:
[\template\protocols\];
http =S 80;
ftp =S 21;
smtp =S 25;
pop =S 109-110;
imap =S 143 220;
nntp =S 119;
after 80 add a space and 8080 so it will look like this
http =S 80 8080;
Save the policy (note you can do this with current.policy on sensor or with
your console based policies) and apply to sensor.
Your sensor should now look for http_* signatures over port 8080 as well as
80
Greetings,
==================================
Brian Fitch, IDS Support Engineer
Internet Security Systems, Inc.
Phone - 404-236-2700 / 1-888-447-4861
Email - [EMAIL PROTECTED]
==================================
-----Original Message-----
From: Marcel Engel [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 30, 2000 11:50 AM
To: [EMAIL PROTECTED]
Subject: http-attack-signatures on another TCP port
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Hello,
we have an Real Secure Network Sensor 5.0 between the internal net and the
firewall. Inside the DMZ, there is a http-proxy-server. Communication
between internal User and Proxy goes over TCP port 8080. Is there a
possibility to configure Real Secure to use port 8080 for the predefined
http-attack-signatures. Make this sense? I found no way through help.
Thanks
Marcel Engel
#########################
Marcel Engel
Controlware GmbH
Gesch�ftsstelle Nord
Conventstra�e 12
22089 Hamburg / Germany
Phone +49 (0) 40 251746 34
Fax +49 (0) 40 251746 46
E-Mail [EMAIL PROTECTED]
#########################
