[prev in list] [next in list] [prev in thread] [next in thread]
List: blackicedefender-general
Subject: Re: [bidgeneral] Re: Blackice not blocking Critical (Red) Attacks
From: Tien Leung <tien_leung () yahoo ! com>
Date: 2002-09-18 17:51:56
[Download RAW message or body]
Nothing.
That is a harmless attack! I don't know why it's RED.
It just means that you machine received a PING
response when it didn't send a PING request.
I didn't get an answer on whether you have opened any
specific ports.
You will get those SNMP attacks if UDP port 161, I
believe, is OPEN.
One thing to remember, a RED attack doesn't
necessarily mean that BlackICE will block it. The
ICMP attack you mentioned below is probably not auto
IP-address blocked.
--Tien--
--- karinsgreenhair <karinsgreenhair@yahoo.com> wrote:
> --- In bidgeneral@y..., "tien_leung"
> <tien_leung@y...> wrote:
> > I believe, for these attacks, BlackICE doesn't
> auto-block.
> >
> > By the way, you are at Paranoid; this means that
> you should not be
> > vulnerable to anything unless you've opened up
> certain ports.
> >
> > Do you know if you are running some kind of SNMP
> agent? Anyway,
> > since you are running in Paranoid level I wouldn't
> worry about the
> > SNMP attack, unless you've opened the SNMP port
> explicitly.
> >
>
>
> Take a look at this attack while I was sleeping last
> night.
>
> Time, Event, Intruder, Count, Destination Port,
> Response Level,
> Parameter(s)
> 09/17/2002 02:47:04 AM, Echo reply without request,
> **.**.**.***, 1,
> 0, A,
>
count=3&id=0x0237|0x029A&data=0x676573756E64686569742100|0x
>
>
> Again, a red attack. Blackice did not block future
> packets.
>
> What's going on with this thing?
>
> :(
>
>
>
>
>
__________________________________________________
Do you Yahoo!?
Yahoo! News - Today's headlines
http://news.yahoo.com
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Sell a Home with Ease!
http://us.click.yahoo.com/SrPZMC/kTmEAA/MVfIAA/dkFolB/TM
---------------------------------------------------------------------~->
To Post a message, send it to: bidgeneral@eGroups.com
To Unsubscribe, send a blank message to: bidgeneral-unsubscribe@eGroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic