
List:       blackicedefender-general
Subject:    Re: [bidgeneral] Re: Blackice not blocking Critical (Red) Attacks
From:       Tien Leung <tien_leung () yahoo ! com>
Date:       2002-09-18 17:51:56

Nothing.

That is a harmless attack!  I don't know why it's RED.
It just means that your machine received a PING
response when it didn't send a PING request.

I didn't get an answer on whether you have opened any
specific ports.  

You will get those SNMP attacks if UDP port 161, I
believe, is OPEN.

One thing to remember, a RED attack doesn't
necessarily mean that BlackICE will block it.  The
ICMP attack you mentioned below is probably not auto
IP-address blocked.
--Tien--

--- karinsgreenhair <karinsgreenhair@yahoo.com> wrote:
> --- In bidgeneral@y..., "tien_leung" <tien_leung@y...> wrote:
> > I believe, for these attacks, BlackICE doesn't auto-block.
> >
> > By the way, you are at Paranoid; this means that you should not be
> > vulnerable to anything unless you've opened up certain ports.
> >
> > Do you know if you are running some kind of SNMP agent?  Anyway,
> > since you are running in Paranoid level I wouldn't worry about the
> > SNMP attack, unless you've opened the SNMP port explicitly.
>
> Take a look at this attack while I was sleeping last night.
>
> Time, Event, Intruder, Count, Destination Port, Response Level, Parameter(s)
> 09/17/2002 02:47:04 AM, Echo reply without request, **.**.**.***, 1, 0, A, count=3&id=0x0237|0x029A&data=0x676573756E64686569742100|0x
>
> Again, a red attack. Blackice did not block future packets.
>
> What's going on with this thing?
>
> :(
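
As an added illustration (not part of the original message, and not BlackICE's own code), the condition behind an "Echo reply without request" event can be checked by tracking outgoing echo requests and flagging inbound replies that match none of them. The record layout, the 5-second timeout and the sample traffic are assumptions constructed for this example.

```python
from collections import namedtuple

# Constructed packet record: ts in seconds, direction "out"/"in" relative to
# the protected host, ICMP type (8 = echo request, 0 = echo reply).
Pkt = namedtuple("Pkt", "ts direction icmp_type peer ident seq")

ECHO_REPLY, ECHO_REQUEST = 0, 8


def unsolicited_echo_replies(packets, timeout=5.0):
    """Return inbound echo replies that match no outstanding outbound request."""
    pending = {}   # (peer, ident, seq) -> time the request was sent
    flagged = []
    for p in sorted(packets, key=lambda p: p.ts):
        key = (p.peer, p.ident, p.seq)
        if p.direction == "out" and p.icmp_type == ECHO_REQUEST:
            pending[key] = p.ts
        elif p.direction == "in" and p.icmp_type == ECHO_REPLY:
            sent = pending.pop(key, None)   # each request accepts one reply
            if sent is None or p.ts - sent > timeout:
                flagged.append(p)
    return flagged


# Constructed sample traffic (documentation addresses from RFC 5737).
SAMPLE = [
    Pkt(0.0, "out", 8, "192.0.2.10", 0x1111, 1),
    Pkt(0.1, "in", 0, "192.0.2.10", 0x1111, 1),    # solicited reply
    Pkt(0.2, "in", 0, "192.0.2.10", 0x1111, 1),    # duplicate of an answered request
    Pkt(3.0, "in", 0, "198.51.100.7", 0x0237, 0),  # host that was never pinged
    Pkt(4.0, "out", 8, "192.0.2.10", 0x1111, 2),
    Pkt(12.0, "in", 0, "192.0.2.10", 0x1111, 2),   # arrives after the timeout
    Pkt(13.0, "in", 0, "203.0.113.5", 0x1111, 2),  # right id/seq, wrong host
]

if __name__ == "__main__":
    for p in unsolicited_echo_replies(SAMPLE):
        print(f"{p.ts:6.1f}s echo reply without request from {p.peer} "
              f"id={p.ident:#06x} seq={p.seq}")
```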

