Re: RIP False Positives
From: darkog (kaliski_staddon-usenetATyahooDOTcom)
Date: 09/21/05
- Next message: BG Mahesh: "BrowseGate 3 uses too much of CPU"
- Previous message: Eric D: "Re: ZA 6 and Google Desktop"
- In reply to: Volker Birk: "Re: RIP False Positives"
- Next in thread: Volker Birk: "Re: RIP False Positives"
- Reply: Volker Birk: "Re: RIP False Positives"
Date: Wed, 21 Sep 2005 06:07:18 -0500
Volker Birk <bumens@dingens.org> wrote in news:43310240@news.uni-ulm.de:
> darkog <kaliski_staddon-usenetATyahooDOTcom> wrote:
>> We are getting pounded with RIPv1 alerts every night and they stop
>> around 8am or 9am. Something tells me that this might be a false
>> positive but how do I verify that?
>
> It is useless to have an IDS, if you don't know what exactly it is
> doing, and you have a broad knowledge of how networks are working.
>
> Switch it off.
>
> Yours,
> VB.
yes. that is an option.
i would still be interested to learn how does one confirm this type of
false positive for my own education.
there are threshold settings i can adjust, but they don't seem to be
very descriptive or intuitive. and nowhere in the settings or in the skimpy
manual does it mention anything about the alerts or how to manage them.
thanx
--
''~``
( o o )
+------------------.oooO--(_)--Oooo.------------------+
| NO BANANA UNION AGAINST-TCPA |
| demo.ffii.org .oooO www.againsttcpa.com |
| ( ) Oooo. |
+---------------------\ (----( )--------------------+
\_) ) /
(_/