HELP IIS automatically adds IP address to the deny list !!!!

["Hayden Searle" <hayden.searle () safecom co nz>]

There are guys on this list from ISS so they will be able to tell you if
I am wrong here, but it could be the integration of the host sensor and
IIS being on the same box. With the tuning of the site protector
'policy' there may well be something in there that says "automatically
block addresses which do x y amount of times' or something similar. This
could be triggered by false positives, due to lack of tuning, or it
could just be a setting that is resident in the host sensor if you
aren't running a full ISS IDS implementation.

IS guru's please let me know if I am wrong...but if I'm right it just
goes to show it's a powerful product.

If all else fails and none of the ISS guys reply log a support request
with them to see if they have any ideas.

Regards

Hayden Searle
Network Security Specialist

-----Original Message-----
From: Ahmed Ameen [mailto:ahmedameen () gmail com] 
Sent: Tuesday, 9 November 2004 9:09 p.m.
To: security-basics () securityfocus com
Subject: HELP IIS automatically adds IP address to the deny list !!!!

Hi I have IIS 5 and ISS host sensor on it, we have been facing a
problem of IP's being added automatically to the "ip address and
domain name restriction".

Does any one know what can be doing that ...


-- 
Regards
Ahmed Ameen
#####################################################################################
Important: This electronic message and attachments (if any) are confidential
and may be legally privileged. If you are not the intended recipient do not
copy, disclose or use the contents in any way. Please let us know by return
e-mail immediately and then destroy this message.
#####################################################################################