Link to home
Start Free TrialLog in
Avatar of ipsystems
ipsystems

asked on

BLACKICE SERVER and Auto-Blocking

Hi,
The Blackice server has an Auto-Block feature.
The auto-block, block only some types of known attacks.

We edit the .ini files and we add new entries to configuration, but, we need to make this entries with Auto-Block feature.

Is it possible to include some other attack types in Auto-Block feature?

Thanks for any help.
Avatar of chicagoan
chicagoan
Flag of United States of America image
The auto-blocking feature will adjust firewall settings when it detects serious attacks. Therefore, if a hacker wanted to kick you off a server, the hacker could simply spoof attacks at your computer from the server. The auto-blocking feature would (in theory) then block all further access to the server in question. In order to guard against this, the product only triggers auto-blocking on attacks that are difficult/impossible to spoof. For a list of intrusions that trigger auto-blocking, please look in the file "issuelist.csv" in column 4. Note that you can edit this file yourself in order to cause auto-blocking to occur on attacks that you are concerned about
Avatar of chicagoan
chicagoan
Flag of United States of America image
Does that help?
Can you come back and close the question or post further comment?
Avatar of ipsystems
ipsystems

ASKER


Hi,
Yes I discover how to block the listed issues with IP|RST but I need to personalize new "customized attack types" to fit my needs....

I try to put other issues and rulez in issuelist.csv and Blackice.ini with a unique number...but sometimes it does not work....

I am trying to block File Downlods from some types and block Http_Posts or containing some words that I consider and trying to attack...


ASKER CERTIFIED SOLUTION
Avatar of chicagoan
chicagoan
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial