Internet Security Systems 3.5, Desktop Protector Blocking Intrusions

Blocking Intrusions

Blocking Intrusions

Introduction Desktop Protector identifies and stops most intrusions according to your preset protection

level, but you may still notice activity that isn't explicitly blocked. This topic explains how

to handle intrusions from a particular address or intrusions that use a particular protocol.

Caution: Do not block port scans from your own internal network. This may interfere

with normal network management procedures.

Blocking an event

or an intruder

You can block any intruder listed on your events list. When you do, Desktop Protector

creates an IP address entry in your firewall that prevents all traffic from that IP address

from entering your system. To block an intruder or an event:

1. Do one of the fo llowing:

■On the Intruders tab, right-click the name of the intruder.

■On the Events tab, right-click the name of the event.

2. On the submenu , select the duration of the block.

Note: A month is defined as 30 days.

3. Click Ye s.

Blocking an IP

address

To block an IP address:

1. From t he Tools menu, select Advanced Firewall Settings.

The Advanced Firewall Properties window appears.

2. Click Add.

The Add Firewall Entry window appears.

3. Type a name for the IP address filter.

Note: This should be the name of the system to block, if you know it. For example, if

you are creating a filter to block all port scans from a known intruder, use the

intruder’s computer name for the name of this address filter. For information about

how to learn about intruders, see “Back Tracing” on page50.

4. Type the IP address or range of addresses for the system to block.

■Use standard

000.000.000.000

notation.

■If you are specifying a range of IP addresses, place a dash between them. For

example,

192.168.10.23–192.168.10.32

■To block transmissions from all IP addresses through a specific port, select All

Addresses.

Note: You cannot block all transmissions from all IP addresses in this window. To

block all unsolicited inbound traffic, select the “Paranoid” protection level on the

Firewall tab.

5. In the Mode area, select Reject.

6. In the Duration of Rule area, select the length of the block.

7. Click Add.

Desktop Protector adds the entry to the list in the Advanced Firewall Settings

window.