[prev in list] [next in list] [prev in thread] [next in thread] 

List:       blackicedefender-general
Subject:    [bidgeneral] Re: Blackice not blocking Critical (Red) Attacks
From:       "karinsgreenhair" <karinsgreenhair () yahoo ! com>
Date:       2002-09-19 2:03:31
[Download RAW message or body]

--- In bidgeneral@y..., Tien Leung <tien_leung@y...> wrote:
> Nothing.
> 
> That is a harmless attack!  I don't know why it's RED.
>  It just means that you machine received a PING
> response when it didn't send a PING request.
> 
> I didn't get an answer on whether you have opened any
> specific ports.  
> 
> You will get those SNMP attacks if UDP port 161, I
> believe, is OPEN.
> 
> One thing to remember, a RED attack doesn't
> necessarily mean that BlackICE will block it.  The
> ICMP attack you mentioned below is probably not auto
> IP-address blocked.
> --Tien--


No. I'm not running any SNMP or server of any kind. I use an SMTP 
mixmaster client, but that doesn't keep any ports open. 

From what I have read, auto-blocking only comes into effect on 
attacks that cannot be spoofed.

And even with Blackice set to Trusting, it still protects against 
everything anyway, right?  I have also noticed that when I have it 
set below Paranoid, events such as TCP Header Fragmentation, too 
much IP fragmentation, and a general Port Scan don't have a line 
through them. 


***shrug***
  


------------------------ Yahoo! Groups Sponsor ---------------------~-->
4 DVDs Free +s&p Join Now
http://us.click.yahoo.com/pt6YBB/NXiEAA/MVfIAA/dkFolB/TM
---------------------------------------------------------------------~->

To Post a message, send it to:   bidgeneral@eGroups.com
To Unsubscribe, send a blank message to: bidgeneral-unsubscribe@eGroups.com 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/ 


[prev in list] [next in list] [prev in thread] [next in thread]