BLACKICE SERVER and Auto-Blocking

Hi,
The Blackice server has an Auto-Block feature.
The auto-block, block only some types of known attacks.

We edit the .ini files and we add new entries to configuration, but, we need to make this entries with Auto-Block feature.

Is it possible to include some other attack types in Auto-Block feature?

Thanks for any help.
ipsystemsAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chicagoanCommented:
The auto-blocking feature will adjust firewall settings when it detects serious attacks. Therefore, if a hacker wanted to kick you off a server, the hacker could simply spoof attacks at your computer from the server. The auto-blocking feature would (in theory) then block all further access to the server in question. In order to guard against this, the product only triggers auto-blocking on attacks that are difficult/impossible to spoof. For a list of intrusions that trigger auto-blocking, please look in the file "issuelist.csv" in column 4. Note that you can edit this file yourself in order to cause auto-blocking to occur on attacks that you are concerned about
0
chicagoanCommented:
Does that help?
Can you come back and close the question or post further comment?
0
ipsystemsAuthor Commented:

Hi,
Yes I discover how to block the listed issues with IP|RST but I need to personalize new "customized attack types" to fit my needs....

I try to put other issues and rulez in issuelist.csv and Blackice.ini with a unique number...but sometimes it does not work....

I am trying to block File Downlods from some types and block Http_Posts or containing some words that I consider and trying to attack...


0
chicagoanCommented:
I'm not sure you can customize blackice in that fashion.
I think what you're looking for is going to have to proxy http for you so that you can examine the http requests.
Have you looked at urlscan?
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/urlscan.asp

btw: you have about 15 questions open in EE...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.