This is a forwarded message From: kashif <[EMAIL PROTECTED]> Date: Tuesday, April 6, 2004, 10:10:05 AM
Hello , I configured a few firecell signatures on the box it resulted in 1. BLOCKING TCP PORT 80 2. BLOCKING Connection of CONSOLE with the SERVER SENSROR I got 2 SOLUTIONS for it , which one do you think will work 1. Log in locally to the box. At that point go to the <DRIVE LETTER>\Program files\ISS\SERVER SENSOR\SENSOR NAME\ and delete the current.policy file. This will restore a default policy on the machine for you. If you are running this on a Linux / Unix box got to where you installed Server sensor and delete the file. Stop and restart the ISSDAEMON service on windows or run a ./realsecure stop then ./RealSecure start on the *NIX machine. This will trick the system into reloading a default policy you will have access and change the policy within WGM or SP to fix the issue. 2. I found C:\Program Files\ISS\issSensors\mailr1_sensor_1\BlackICE\ Firewall.ini Inside the file REJECT, xx.xx.xx.xx:1024 - 65535, 1003, 1970-01-01 00:00:00, PERPETUAL, 4000, RealSecure First I stopped blackd service and issDeamn I took this line off Then I started the services. The interesting I blocked port 25 only from the machine the firecell blocked all traffic from that machine!!! I not sure if it is bug!! -- Best regards, kashif mailto:[EMAIL PROTECTED] _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
