Firewall Wizards mailing list archives

Re: Pix crashing with ISS snmp checks


From: Ted Doty <ted () iss net>
Date: Fri, 05 Mar 1999 15:21:57 -0500

At 01:40 PM 3/4/99 -0500, Eric Budke wrote:

Out of curiosity, how well can one determine where/when ISS stopped
checking? The /tmp logs seem to give some indication, but nothing concrete,
and unless I'm running a sniffer on the net at the same time, how does one
go about determining which state you're at?  Cybercop on the other hand is a
lot more verbose about this, telling you before a test is run that it is
running a test and being able to stop them individually.

If you want to extract information on which checks were run against which
host by Internet Scanner (5.6.2 was the version mentioned earlier in the
thread), try:

findstr /R /C:"^# Time Stamp" logfilename.log

(where logfilename.log is the name of the log file you are searching).  If
you want this for only a single host, pipe this to another findstr
/C:"xxx.xxx.xxx.xxx" (put your host IP address here).

- Ted

-----------------------------------------------------------------------
Ted Doty, Internet Security Systems          | Phone: +1 678 443-6000
6600 Peachtree Dunwoody Road, 300 Embassy Row | Fax:   +1 678 443-6479
Atlanta, GA 30328  USA                       | Web: http://www.iss.net
-----------------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689  FD0F E625 D525 E1BE
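
The filtering described in the message above, as an added example that is not part of the original post or of ISS's tooling. It keeps the "# Time Stamp" lines, groups them by host, and reports the last one per host. It matches the IP address as a whole token, because a literal substring search for 10.0.0.1 also hits 10.0.0.10. The log layout beyond the "# Time Stamp" prefix is an assumption, and the sample lines are constructed.

```python
import re
from collections import OrderedDict

# Prefix taken from the findstr pattern in the message. The rest of the line
# layout is an assumption: the page does not show a real Internet Scanner log.
STAMP = re.compile(r"^# Time Stamp")
# IPv4 address as a whole token, not preceded or followed by a digit or dot.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def checks_by_host(lines):
    """Group '# Time Stamp' lines by each IPv4 address that appears on them."""
    hosts = OrderedDict()
    for line in lines:
        line = line.rstrip("\r\n")
        if not STAMP.match(line):
            continue  # ignore everything that is not a time-stamp record
        for ip in IPV4.findall(line):
            hosts.setdefault(ip, []).append(line)
    return hosts


def last_check(lines, host):
    """Return the final time-stamp line logged for one host, or None."""
    entries = checks_by_host(lines).get(host)
    return entries[-1] if entries else None


# Constructed sample lines (hypothetical layout, not real scanner output).
SAMPLE_LOG = """\
# Time Stamp 1 host 10.0.0.1 constructed-check-A
detail line that mentions 10.0.0.1 but is not a time stamp
# Time Stamp 2 host 10.0.0.10 constructed-check-A
# Time Stamp 3 host 10.0.0.1 constructed-check-B
# Time Stamp 4 host 10.0.0.10 constructed-check-B
""".splitlines()

if __name__ == "__main__":
    # In practice: lines = open("logfilename.log", errors="replace")
    for host, entries in checks_by_host(SAMPLE_LOG).items():
        print(f"{host}: {len(entries)} checks, last: {entries[-1]}")
```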


