
Penetration Testing mailing list archives

Re: [PEN-TEST] BlackICE
From: James Kelly <james.kelly () TCS WAP ORG>
Date: Wed, 13 Sep 2000 07:39:11 -0400

I work at a major ISP who will remain nameless and I see countless Blackice
logs in my daily work.
My gripes against it are:
1. It takes a computer with not many or no ports open and opens ports to listen
on them, thereby making your computer an attractive target for would-be
attackers.
2. The logs it creates are nonstandard and difficult to get at. I need to see
src port and ip, destination port and ip and I don't want to see what BlackIce
interprets...The logs are also not very informative.
3. I've had many instances where BlackIce has misinterpreted a traceroute or a
ping for an attack.

Frankly with all the talk on this list about "false positives" on scanning
tools on this list, I'm surprised anyone knowledgeable enough to read this list
would buy such a low rent product....just my two cents worth though;_)

jk

"Rhodes, Brian PFC--3SIG" wrote:

I don't know if this will help anyone at all on the BlackICE udp/tcp attack
issue...I had BlackICE installed on a personal computer of mine...and I
became rather *popular* against such attacks due to some of my
activities...and my computer reported each and every udp and tcp/ip attack
and defended me from it as well...and also these ports are set open with the
basic install and configs but who has the smarts to have a firewall then not
modify the settings...BlackICE was a very good defender for my personal
network...with a little bit of programming and fine-combing the settings...

Brian W. Rhodes
Information Systems Security Officer
US Army
(254)305-1181

