Intrusion Detection Systems mailing list archives

Re: RE: BlackICE product description?


From: andyb () lexmark com (andyb () lexmark com)
Date: Mon, 19 Jun 2000 07:57:16 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
I simply downloaded the zipped files, unzipped them all into one directory, and ran it. I seem to recall that there are two different zip files from the site that had to be present - the first time I ran it, it was missing some required parts. It may have been in the libcap directory, but I don't remember. I found it the old-fashioned way - load, run, error message, look for the file it couldn't find, load, run....

Andy

Whenever%rochester.rr.com () interlock lexmark com on 06/16/2000 11:13:16 PM

To:   Andy_Brinkhorst/Lex/Lexmark@LEXMARK
cc:    (bcc: Andy Brinkhorst/Lex/Lexmark)
Subject:  Re: IDS: RE: BlackICE product description?

One question. How does one set up the Ethereal package in a Windows environment? Being not very literate when it comes to changing settings from one environment to another, I would appreciate any help. I would like to read the .enc files.
Thank you
Gordy

----- Original Message -----
From: <andyb () lexmark com>
To: <ids () uow edu au>
Sent: Friday, June 16, 2000 11:56 AM
Subject: Re: IDS: RE: BlackICE product description?


I've used BlackICE at home for a while, and have the following two points to contribute:

1) There is an .ini file (firewall.ini) that allows for more granular control. It looks similar to standard routing rules, and works in the same manner (i.e. DENY and PERMIT on specific ports to/from specific hosts). Their existence isn't included in the manual, but if you dig through the knowledgebase pages trying to, for instance, make ICQ (or Napster :O ) work, you'll find them. They explain the file location/purpose/format fairly well.


http://advice.networkice.com/advice/support/kb/q000017/default.htm <--- making ICQ work

http://advice.networkice.com/advice/support/kb/q000091/default.htm <--- firewall.ini format

2) There are packet captures that can be read with standard network monitoring tools that provide sniffer/analyzer levels of detail, but you need to enable them. They create standard .enc files that must be read with an appropriate reader. The FAQ on the BlackICE support page points you to Robert Graham's web pages for some tools. I've been using the Ethereal package that's been ported to Windows.

http://www.networkice.com/html/blackice_faq.html <--- 2nd question, finding reader for .enc log files.


regards,
Andy
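The first point above describes firewall.ini as an ordered list of PERMIT/DENY rules keyed on host and port, evaluated like routing rules. The following is an added example, written for this archive and not code from the message, from BlackICE, or from Network ICE: a small first-match evaluator for rules of that kind. The rule syntax it parses is a constructed, hypothetical one chosen for readability (the real firewall.ini format is in the knowledgebase article linked above and is not reproduced here); the sample rule text and the packets it is tested against are likewise constructed. It shows the two things a practitioner wants to verify in any such file: that an unmatched packet falls through to DENY, and that ordering matters, since a broad PERMIT placed above a narrow DENY silently overrides it.

```python
"""
Added example (not from the message or from BlackICE): a first-match
evaluator for host/port PERMIT/DENY rules of the kind the message says
firewall.ini contains.  The rule syntax below is a constructed,
hypothetical one; BlackICE's real format is in the knowledgebase article
linked in the message and is not reproduced here.
"""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

# Constructed sample rule file in the hypothetical format:
#   <PERMIT|DENY> <in|out> <host, network or any> <comma-separated ports or any>
SAMPLE_RULES = """\
# local network may reach SSH
PERMIT  in   192.168.1.0/24  22
# anyone may reach the web server
PERMIT  in   any             80,443
# this host is otherwise blocked -- but note it is listed AFTER the web rule
DENY    in   10.0.0.5        any
# all outbound traffic allowed
PERMIT  out  any             any
"""


@dataclass(frozen=True)
class Rule:
    action: str                      # "PERMIT" or "DENY"
    direction: str                   # "in" or "out"
    network: ipaddress.IPv4Network   # 0.0.0.0/0 means "any"
    ports: Optional[FrozenSet[int]]  # None means "any"


def parse_rules(text: str) -> List[Rule]:
    """Parse the hypothetical rule text; raise ValueError on malformed lines."""
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        action, direction, host, ports = parts
        action, direction = action.upper(), direction.lower()
        if action not in ("PERMIT", "DENY"):
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        if direction not in ("in", "out"):
            raise ValueError(f"line {lineno}: unknown direction {direction!r}")
        if host.lower() == "any":
            network = ipaddress.IPv4Network("0.0.0.0/0")
        else:
            # strict=False tolerates host bits; a bare address becomes a /32
            network = ipaddress.IPv4Network(host, strict=False)
        if ports.lower() == "any":
            portset = None
        else:
            portset = frozenset(int(p) for p in ports.split(","))
            if any(not 0 < p < 65536 for p in portset):
                raise ValueError(f"line {lineno}: port out of range")
        rules.append(Rule(action, direction, network, portset))
    return rules


def decide(rules: List[Rule], direction: str, host: str, port: int) -> str:
    """Return the action of the first rule matching the packet, else DENY.

    First match wins, exactly as with ordered routing/ACL entries, so a
    broad PERMIT above a narrow DENY overrides it.  When no rule matches,
    the safe default is DENY.
    """
    addr = ipaddress.IPv4Address(host)
    for rule in rules:
        if rule.direction != direction or addr not in rule.network:
            continue
        if rule.ports is not None and port not in rule.ports:
            continue
        return rule.action
    return "DENY"


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for pkt in [("in", "192.168.1.10", 22), ("in", "10.0.0.5", 80),
                ("in", "10.0.0.5", 25), ("in", "203.0.113.7", 22)]:
        print(pkt, "->", decide(rules, *pkt))
```

Running it shows the ordering trap in the constructed rule set: inbound port 80 from 10.0.0.5 is permitted by the second rule before the third rule's DENY is ever reached, while any other inbound port from that host, and any inbound packet no rule mentions, is denied.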
