× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



For websphere we used IP address and ignored it
For PCs running Client Access it is something we live with until we find some other option
Which may be not relying on the IBM canned email alerts and scanning the logs and developing our own improved filtering capability.

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of JWGrant@xxxxxxxxxxxxxxx
Sent: Thursday, March 19, 2015 2:01 PM
To: Midrange Systems Technical Discussion
Subject: Re: Intrusion Detection v7r1 settings

Same issue here. Many products generate false positives. I have scoured the internet and IBM resources for info on how to tone down the false positives but have not yet found a solution.

Jim


Jim W Grant
Senior VP, Chief Information Officer
Web: www.pdpgroupinc.com




From: Jim Franz <franz9000@xxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Date: 03/19/2015 01:55 PM
Subject: Re: Intrusion Detection v7r1 settings
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



so how does one determine a real Ack Storm vs a product "feature"?
If I exclude the product (by port) then a real issue can be missed.
Jim

On Thu, Mar 19, 2015 at 1:47 PM, Mike Cunningham <mike.cunningham@xxxxxxx>
wrote:

I found the same thing. Websphere app server appears to create what
looks
like an intrusion as does Client Access devices set to auto-reconnect
and
you shut down qinter. Also some remote printers when a report gets
stuck
at
the printer as the printer sends back messages

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Jim Franz
Sent: Thursday, March 19, 2015 1:44 PM
To: Midrange Systems Technical Discussion
Subject: Intrusion Detection v7r1 settings

We have turned on the default IDS settings, and given the reports,
wondering if some of the normal IBM products are the cause of some
reports
and how others are working with this.
Can (and maybe prefer) to discuss offline.
Jim
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.