Security Basics mailing list archives
Re: HELP IIS automatically adds IP address to the deny list !!!!
From: Ahmed Ameen <ahmedameen () gmail com>
Date: Wed, 10 Nov 2004 14:58:47 +0200
I found the cause for my problem, its MOM 2005. it has this rule that is on by defult that monitors IIS logs, and automatically adds IP's of hosts sending hacking traffic to the IP restriction list. By the way I called ISS and they said they don't have this functionality at least not to add it in the IIS block list. Thanks all for ur replies On Wed, 10 Nov 2004 21:43:06 +1300, Hayden Searle <hayden.searle () safecom co nz> wrote:
There are guys on this list from ISS so they will be able to tell you if I am wrong here, but it could be the integration of the host sensor and IIS being on the same box. With the tuning of the site protector 'policy' there may well be something in there that says "automatically block addresses which do x y amount of times' or something similar. This could be triggered by false positives, due to lack of tuning, or it could just be a setting that is resident in the host sensor if you aren't running a full ISS IDS implementation. IS guru's please let me know if I am wrong...but if I'm right it just goes to show it's a powerful product. If all else fails and none of the ISS guys reply log a support request with them to see if they have any ideas. Regards Hayden Searle Network Security Specialist -----Original Message----- From: Ahmed Ameen [mailto:ahmedameen () gmail com] Sent: Tuesday, 9 November 2004 9:09 p.m. To: security-basics () securityfocus com Subject: HELP IIS automatically adds IP address to the deny list !!!! Hi I have IIS 5 and ISS host sensor on it, we have been facing a problem of IP's being added automatically to the "ip address and domain name restriction". Does any one know what can be doing that ... -- Regards Ahmed Ameen ##################################################################################### Important: This electronic message and attachments (if any) are confidential and may be legally privileged. If you are not the intended recipient do not copy, disclose or use the contents in any way. Please let us know by return e-mail immediately and then destroy this message. #####################################################################################
-- Regards Ahmed Ameen
Current thread:
- HELP IIS automatically adds IP address to the deny list !!!! Ahmed Ameen (Nov 09)
- <Possible follow-ups>
- HELP IIS automatically adds IP address to the deny list !!!! Hayden Searle (Nov 10)
- Re: HELP IIS automatically adds IP address to the deny list !!!! Ahmed Ameen (Nov 10)