• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Sensor Add-in or similar

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Misc.] >> ISA Server 2004 Wish List >> Sensor Add-in or similar Page: [1]
Login
Message << Older Topic   Newer Topic >>
Sensor Add-in or similar - 18.Aug.2004 8:45:00 PM   
Kiddx

 

Posts: 38
Joined: 12.Jun.2004
From: Boca Raton, FL
Status: offline
So Im looking at my anti spam gateway and my shiny new ISA 2004 server (which is working btw with true public DMZ!). I have the notices on for port scanning and such and was thinking it would be nice to have a way to take these port scans and put them into a Deny list automatically for lets say XX time or indefinitley. That would be a nice little addon that I dont know exists or is a way to do it in ISA itself. I guess if I could figure out a way to program rules in ISA via a script you could execute a script upon the alert but that would be way over my head..
Post #: 1
RE: Sensor Add-in or similar - 19.Aug.2004 2:17:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kidd,

Yikes! Don't to that! You'll end up blocking the enter public address block. Focus your efforts are real exploits.

HTH,
Tom

(in reply to Kiddx)
Post #: 2
RE: Sensor Add-in or similar - 20.Aug.2004 12:22:00 PM   
penrose.l@2college.nl

 

Posts: 474
Joined: 29.Jan.2004
From: Netherlands
Status: offline
Tom's right,

What if a spoofed hacker using your ISA's default gateway triggers your alarm ?
Then your ISA deny's it's own default gateway and the hacker achieved a DOS attack.

But yea, it would be nice to make a 'smart' rule which doesn't allow such things. Or maybe IPv6 is the answer [Smile]

(in reply to Kiddx)
Post #: 3
RE: Sensor Add-in or similar - 24.Aug.2004 2:53:00 AM   
Kiddx

 

Posts: 38
Joined: 12.Jun.2004
From: Boca Raton, FL
Status: offline
haha, well i didnt really think of that, I was doing some reading on ids type systems that integrate on linux firewalls and do auto denies (the sensor is smart enough to know its own ips)

I do notice that isa 2004 seems to do this internally, I set the connection limit to 25 on my smtp server inside and every few hours the smtp stops, when looking in the logs there is no rule it just doesnt pass. When I goto the Connection Exceeded limit and reset it traffic passes again. Took me a couple of days to find that one [Smile]

(in reply to Kiddx)
Post #: 4
RE: Sensor Add-in or similar - 25.Aug.2004 1:07:00 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Kidd,

The connection limits are pretty configurable though. 25 is pretty low! You do have to experiment some. Users who use warez apps at like Kazaa and Bit Torrent are going to be very sad [Smile]

HTH,
Tom

(in reply to Kiddx)
Post #: 5
RE: Sensor Add-in or similar - 8.Oct.2004 7:17:00 PM   
mlopez

 

Posts: 2
Joined: 7.Oct.2004
Status: offline
ISS' RealSecure Server Sensor for ISA does what I think the original post as asking for. See:

http://www.iss.net/products_services/enterprise_protection/rsserver/protector_server.php

Please note that I have not tried this product. I am currently considering a an ISA system as a replacement for our company's perimeter firewall and shopping for ways to secure it and to improve the built-in intrusion prevention features. Any suggestions on doing this would be appreciated.

(in reply to Kiddx)
Post #: 6
RE: Sensor Add-in or similar - 9.Aug.2005 10:58:00 AM   
rtdurham

 

Posts: 1
Joined: 21.Jul.2004
From: Texarkana, TX
Status: offline
ISA serve 2004 is not supported by ISS yet. I know because I made an assumption when I upgraded that it would be. Ooops. I have been on the phone with them today trying to figure out how to make it work. They did say that it should be support in the second half of this year......which is now. Go figure.

(in reply to Kiddx)
Post #: 7

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Misc.] >> ISA Server 2004 Wish List >> Sensor Add-in or similar Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts