RIP False Positives

Guest
Archived from groups: comp.security.firewalls

Howdy, we have a hardware firewall deployed that has built-in IDS(??). Not
exactly sure what the IDS is, it's built into the SMC firewall -- I will
assume it's proprietary.

We are getting pounded with RIPv1 alerts every night and they stop around
8am or 9am. Something tells me that this might be a false positive, but how
do I verify that?

--
''~``
( o o )
+------------------.oooO--(_)--Oooo.------------------+
| NO BANANA UNION AGAINST-TCPA |
| demo.ffii.org .oooO www.againsttcpa.com |
| ( ) Oooo. |
+---------------------\ (----( )--------------------+
\_) ) /
(_/
 
Guest

darkog <kaliski_staddon-usenetATyahooDOTcom> wrote:
> We are getting pounded with RIPv1 alerts every night and they stop around
> 8am or 9am. Something tells me that this might be a false positive, but how
> do I verify that?

It is useless to have an IDS if you don't know exactly what it is doing
and you don't have a broad knowledge of how networks work.

Switch it off.

Yours,
VB.
--
"It cannot be that the frustrated ones in Rome decide what happens in
German bedrooms."
Harald Schmidt on "World Youth Day"
 
Guest

Volker Birk <bumens@dingens.org> wrote in news:43310240@news.uni-ulm.de:

> darkog <kaliski_staddon-usenetATyahooDOTcom> wrote:
>> We are getting pounded with RIPv1 alerts every night and they stop
>> around 8am or 9am. Something tells me that this might be a false
>> positive, but how do I verify that?
>
> It is useless to have an IDS if you don't know exactly what it is
> doing and you don't have a broad knowledge of how networks work.
>
> Switch it off.
>
> Yours,
> VB.

Yes, that is an option.

I would still be interested to learn how one confirms this type of
false positive, for my own education.

There are threshold settings I can adjust, but they don't seem to be
very descriptive or intuitive, and nowhere in the settings or in the skimpy
manual does it mention anything about the alerts or how to manage them.

thanx

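The question asked in both of the original poster's messages (how to confirm that a nightly RIPv1 alert is a false positive) comes down to looking at what the flagged datagrams actually contain. RIPv1 (RFC 1058) is UDP port 520; a router running it broadcasts its routing table as a "response" message every 30 seconds, and a host coming online sends a "request" for the whole table. The decoder below is an added example, not code from this thread or from the SMC product: it parses the UDP payload of a RIP datagram, checks the must-be-zero fields and value ranges, and reports whether the message is an ordinary advertisement from a router you recognise or something odd. The sample datagrams, the route prefixes and the "known router" address `192.168.1.1` are constructed for the example.

```python
"""Decode RIPv1 datagrams (UDP/520) so an IDS alert can be checked against
the packet contents. Added example; the sample data below is constructed."""
import ipaddress
import struct
from dataclasses import dataclass

RIP_PORT = 520                           # RIP uses UDP port 520 (RFC 1058)
RIP_HEADER = struct.Struct("!BBH")       # command, version, must-be-zero
RIP_ENTRY = struct.Struct("!HH4s4s4sI")  # AFI, mbz, address, mbz, mbz, metric
MAX_ENTRIES = 25                         # RFC 1058 limit per datagram
INFINITY = 16                            # metric meaning "unreachable"


@dataclass
class RipEntry:
    afi: int        # address family; 2 = IP, 0 only in a full-table request
    address: str
    metric: int     # hop count 1..15, 16 = unreachable


@dataclass
class RipMessage:
    command: int    # 1 = request, 2 = response
    version: int
    entries: list


def build_ripv1(command, routes):
    """Construct a RIPv1 datagram; used here only to make sample input."""
    out = bytearray(RIP_HEADER.pack(command, 1, 0))
    for afi, addr, metric in routes:
        out += RIP_ENTRY.pack(afi, 0, ipaddress.IPv4Address(addr).packed,
                              b"\0" * 4, b"\0" * 4, metric)
    return bytes(out)


def parse_ripv1(payload):
    """Parse the UDP payload of a RIPv1 datagram, rejecting malformed input."""
    if len(payload) < RIP_HEADER.size:
        raise ValueError("payload shorter than the RIP header")
    command, version, mbz = RIP_HEADER.unpack_from(payload, 0)
    if version != 1:
        raise ValueError("not RIPv1 (version %d)" % version)
    if mbz != 0:
        raise ValueError("non-zero must-be-zero field in header")
    body = payload[RIP_HEADER.size:]
    if len(body) % RIP_ENTRY.size:
        raise ValueError("trailing bytes do not form a whole entry")
    entries = []
    for off in range(0, len(body), RIP_ENTRY.size):
        afi, z1, addr, z2, z3, metric = RIP_ENTRY.unpack_from(body, off)
        if z1 or z2 != b"\0" * 4 or z3 != b"\0" * 4:
            raise ValueError("non-zero must-be-zero field in entry")
        entries.append(RipEntry(afi, str(ipaddress.IPv4Address(addr)), metric))
    if len(entries) > MAX_ENTRIES:
        raise ValueError("more than %d entries" % MAX_ENTRIES)
    return RipMessage(command, version, entries)


def classify(msg, src_ip, known_routers):
    """Triage verdict: what kind of RIP message this is, plus anything odd."""
    reasons = []
    e0 = msg.entries[0] if msg.entries else None
    if (msg.command == 1 and len(msg.entries) == 1
            and e0.afi == 0 and e0.metric == INFINITY):
        kind = "full-table request"        # normal when a host boots up
    elif msg.command == 1:
        kind = "request"
    elif msg.command == 2:
        kind = "response"                  # the periodic table advertisement
    else:
        kind = "unknown command %d" % msg.command
        reasons.append("command %d is neither request nor response" % msg.command)
    for e in msg.entries:
        if e.afi != 2 and not (msg.command == 1 and e.afi == 0):
            reasons.append("entry %s has address family %d" % (e.address, e.afi))
        if not 1 <= e.metric <= INFINITY:
            reasons.append("entry %s has out-of-range metric %d" % (e.address, e.metric))
    if src_ip not in known_routers:
        reasons.append("source %s is not a known router" % src_ip)
    return kind, reasons


# Constructed samples: a two-route advertisement and a boot-time table request.
SAMPLE_RESPONSE = build_ripv1(2, [(2, "10.1.0.0", 1), (2, "192.168.5.0", 3)])
SAMPLE_REQUEST = build_ripv1(1, [(0, "0.0.0.0", INFINITY)])
KNOWN_ROUTERS = {"192.168.1.1"}           # constructed: the site's own gateway

if __name__ == "__main__":
    for name, payload, src in (("response", SAMPLE_RESPONSE, "192.168.1.1"),
                               ("request", SAMPLE_REQUEST, "192.168.1.77")):
        msg = parse_ripv1(payload)
        kind, reasons = classify(msg, src, KNOWN_ROUTERS)
        print(name, "from", src, "->", kind, reasons or "nothing unusual")
        for e in msg.entries:
            print("   ", e)
```

To feed real data in, capture the flagged traffic at the time the alerts fire (`tcpdump -nn -vv udp port 520` already prints the command and routes in each datagram, or write a pcap and pull out the UDP payloads) and run each payload through `parse_ripv1` and `classify`. A steady stream of `response` messages every 30 seconds from a router you recognise, carrying your own prefixes with sane metrics, is the protocol working as designed and the alert is noise you can tune or filter; a source that is not a router, a full-table request at odd hours, or malformed fields is the case worth following up.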