Solved

BLACKICE SERVER and Auto-Blocking

Posted on 2003-11-09
4
312 Views
Last Modified: 2010-04-11
Hi,
The Blackice server has an Auto-Block feature.
The auto-block, block only some types of known attacks.

We edit the .ini files and we add new entries to configuration, but, we need to make this entries with Auto-Block feature.

Is it possible to include some other attack types in Auto-Block feature?

Thanks for any help.
0
Comment
Question by:ipsystems
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 9712208
The auto-blocking feature will adjust firewall settings when it detects serious attacks. Therefore, if a hacker wanted to kick you off a server, the hacker could simply spoof attacks at your computer from the server. The auto-blocking feature would (in theory) then block all further access to the server in question. In order to guard against this, the product only triggers auto-blocking on attacks that are difficult/impossible to spoof. For a list of intrusions that trigger auto-blocking, please look in the file "issuelist.csv" in column 4. Note that you can edit this file yourself in order to cause auto-blocking to occur on attacks that you are concerned about
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 9803991
Does that help?
Can you come back and close the question or post further comment?
0
 

Author Comment

by:ipsystems
ID: 9804008

Hi,
Yes I discover how to block the listed issues with IP|RST but I need to personalize new "customized attack types" to fit my needs....

I try to put other issues and rulez in issuelist.csv and Blackice.ini with a unique number...but sometimes it does not work....

I am trying to block File Downlods from some types and block Http_Posts or containing some words that I consider and trying to attack...


0
 
LVL 18

Accepted Solution

by:
chicagoan earned 500 total points
ID: 9804033
I'm not sure you can customize blackice in that fashion.
I think what you're looking for is going to have to proxy http for you so that you can examine the http requests.
Have you looked at urlscan?
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/urlscan.asp

btw: you have about 15 questions open in EE...
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month11 days, 1 hour left to enroll

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question