[Dshield] Realsecure IDS

sbroderick.cs@clearstream.com sbroderick.cs at clearstream.com
Tue Mar 18 14:59:01 GMT 2003

I am using RealSecure 6.5 network sensors with a Workgroup Manager. I am
getting a lot of alerts for "IPunknown Protocol". I know that this event is
being raised because of esp protocol being used on our network. 
Can anyone tell me how I can create a filter for realsecure to ignore this

any help appreciated,


-----Original Message-----
From: Johannes Ullrich [mailto:jullrich at euclidian.com]
Sent: Tuesday, March 18, 2003 13:34
To: General DShield Discussion List
Subject: Re: [Dshield] OT:Viruses in Cell Phones?

> Off Topic?
don't think so. In particular if you use your cell phone to receive
alerts from your IDS and such. Disabling a sysadmins cell phone can
be part of a well planned attack.

> I recently had a good friend call with a problem. Their cell phones is not
> working and ATT is telling them they have a virus. Neither Nokia nor ATT
> will replace/repair the phone. 
> Has anyone else seen or heard of such a thing?

I have heard of a cell phone virus for i-mode phones in Japan. Also,
there are some 'DOS' style vulnerabilities in other phones that make
the phone unusable after receiving a specially formated text message.

Usually, 'rebooting' the phone (remove battery...) will fix it.

DoCoMo i-mode story:

Nokia DOS vulnerability:

However, there have also been 'Cell phone virus hoaxes':

jullrich at euclidian.com             Collaborative Intrusion Detection
                                         join http://www.dshield.org

list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:

Visit us at http://www.clearstream.com

Internet communications are not secure and therefore Clearstream International does not accept legal responsibility for the contents of this message.

The information contained in this e-mail is confidential and may be legally privileged. It is intended solely for the addressee. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any views expressed in this e-mail are those of the individual sender, except where the sender specifically states them to be the views of Clearstream International or of any of its affiliates or subsidiaries.


More information about the list mailing list