[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] newbie question
Yeah, his site has really gone downhill over the past year or two. MAD is Malicious Activity Detection, a process that runs on the Management server and will periodically review the logs to find suspicious behaviour. (Multiple auth failures, port scan, syn and land attacks.) look in the cpmad.conf in conf directory. Cheers, CryptoTech Alexander Fabri wrote: > One of the lines in my log reads as follows : > > "13893" "4Oct2001" "10:23:32" "daemon" "127.0.0.1" "alert" > "accept" "" "Source ip x.x.x.x" "Destination ip x.x.x.x" "ip" "" > "" "" "" "" "" "" "" "" "" "" "MAD" " additionals: > a1ttack=blocked_connection_port_scanning" > > Could somebody please explain what MAD means as I did not find anything > on phoneboy FAQ's. > > ================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|