ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: TSM and IP hijacking

2003-07-14 07:46:12
Subject: Re: TSM and IP hijacking
From: Richard Sims <rbs AT BU DOT EDU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Mon, 14 Jul 2003 07:45:45 -0400 
>today I obtained this mail (translated) from one of our customer. I am not
>networking guru so much, I only know that IDS is some kind of network
>monitoring and analyzing tool but I don't know exactly what and how the IDS
>sonds working. These messages are reported somewhere on firewall and TSM
>comunication was interpreted as potential hijacking (by customer's people).
>Can you anybody give me some advice what is goung about and what to do or
>tell our customer representatives?
>
>Any help will be appreciate.
>Tomas
>
> -----Original Message-----
>Sent: Thursday, July 10, 2003 9:58 AM
>Subject: Tivoli - backup
>
>          During backup by TSM we obtained this messages from IDS sonds:  IP
>hijacking allows attackers to execute commands into someone's session
>(TCP_Hijacking_Tool)
>   We know that it is not hijacking, but it is not standard behavior. Can we
>do something with TSM comunications to get it out?
...

Tomas - Your customer should realize that the information they are getting out
        of that Intrusion Detection System is so vague as to be worse than
useless (as in, potentially misleading).  They need to look into better
configuring their RealSecure Network Sensor to hopefully get some substantive
information out of it.  If it can't do any better than that, they should look
into getting a better product, as it would then define itself as a waste of
money.

  Richard Sims, BU
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RES: DATABASE HELP!!!, T_MML
Next by Date:  Antwort: a question about db, Schmitz Garnebode
Previous by Thread:  Re: TSM and IP hijacking, Remco Post
Next by Thread:  Antwort: Re: auditdb fix=yes loop?, Schmitz Garnebode
Indexes:  [Date] [Thread] [Top] [All Lists]