CSA 4.0.3 Exempt certain IPs from being detected as source of port scanning

We have an in-house vulnerability scanner that regularly
does port scans and we don't want to see events when the source IP is from the vulnerability scanner.
We tried a network access rule but it dose not work.
1) Network Shim is enabled
2) Network shield rule with Port scan detection is enabled.
3) Global correlation for scans is set to 100 within 60 minutes.
Basically we want to keep detecting port scans except scans from a specific IP.

Thanks Jay for your offer. The thing is NACL does not work in 4.0.x
Here is TAC responce for later versions (4.5.x or 5.x):
"It is possible to do this by changing the field "Commuincating with host
addresses" in the network shield rule. There are 2 ways to do this.
1. Create an exception rule. The exception rule is of type 'Network
Shield Rule'. Make it's action 'permit'. Click Port Scan Detection to
enable it. Include the ip address of the port scanner device in
"Communicating with host addresses".
or
2. Modify the original Network Shield Rule (the one with the deny
action). Next to "Communicating with host addresses", click 'Insert
Network Address Set', and click 'New'. In the new window,name the
network address set. Leave the "Address ranges matching" to and
change "but not:" to the ip address of the port scanner. Then click
'save'. Make sure that the Network Shield rule now contains your
Network address set under "Communicating with host addresses".
We typically recommend using method 1 because it prevents you from
having to modify the default rule set. But pick the method that works
best for your configuration."
I have to find away without upgrading.

Similar Messages

  • Is there a way to password protect certain apps from being used? Example I don't want my child to access my apps while he's using his on the iPad

    Is there a way to password protect certain apps from being used? Example I don't want my child to access my apps while he's using his on the iPad. I don't want to lock him out of the iPad. Let him use Angry birds, but not Sims or Games not appropriate for him that I play.

    Sorry, but it is not possible to restrict use of specific apps other that the few restrictions provided in the Restrictions settings, not unless the app itself provides some sort of lock. If you don't want your child playing certain games, the only answer is to not load them on the iPad he uses.
    Regards.

  • HT4906 Is there a way to keep certain pictures from being sent to iCloud?

    Is there a way to keep certain pictures from being sent to iCloud?

    Sorry, I meant from my Mac. I have pictures on my Mac that I don't want sent to my other devices.

  • Protecting certain backups from being deleted?

    say, i have a time machine backup. and its running full. the oldest backup i have is on 20th december 2010. i wanna know if there's a way to prevent that or other certain dates from being deleted?

    auturmis wrote:
    say, i have a time machine backup. and its running full. the oldest backup i have is on 20th december 2010. i wanna know if there's a way to prevent that or other certain dates from being deleted?
    No.
    As Matt says, it sounds like you may be doing something rather dangerous. Please clarify just what's going on, and we can provide some help.

  • How do i keep certain songs from being uploaded from my library to my ipod

    how do i keep certain songs form being uploaded from itunes to my ipod the check button does nothing
    30gig ipod   Windows 98  

    Set your iPod so you can manually manage your songs, see here for details:http://www.apple.com/support/ipod/tutorial/ipgettingstartedt3.html

  • Can I prevent certain words from being hyphenated or split?

    I have a client that is real picky about the title of their business which is 2 words from being separated with the first word on one line and the next word on the line below.  There are other times like names of people that will get hyphenated and they dont want that either.  I know I can turn off all hyphens but I still want them, just not with certain words.  Is there a way to control both of these?

    Hello,
    Just to throw in another option, I sometimes do this through find and change.
    I just type the word in the Find what field that I don't want to hyphenate,  and then I go to the change format area on the bottom of the dialog box and click the no break check box in the basic character formats area,  and then I change all in the document.
    Hope that helps too..
    babs

  • How to exclude certain playlists from being shuffled?

    I have Video IPOD and would like to know how to exclude certain play lists from being played when the "shuffle song" function is on?
    Appreciate your help.

    Going back to the beginning I think I misinterpretted your original question. I thought you wanted to be able to turn on the Shuffle Songs function of the iPod and when you played any playlist it would shuffle normally but you wanted to have some playlists that would play without shuffling without having to turn off that function.
    Now I think what you wanted to say was you want to shuffle song when playing your library on the iPod but if certain songs exist in your "do not shuffle" playlist, they would be skipped, right?
    If that is the case, you can do it with some Smart playlist manipulation. First create the "Do Not Shuffle" playlist and put everything in there that you do not want to show up when you are shuffle playing your library. Now create a new Smart Playlist where the rules are "Playlist IS NOT [do not shuffle]". Make that the only rule, check live updating and only checked songs. What will happen is that playlist will contain your entire library EXCEPT the ones you don't want shuffle played.
    Now when you listen to your iPod, you can use the Shuffle Songs option turned ON and play that smart playlist which will basically let you hear anything and everything in your library shuffled EXCEPT for those songs you designated to not include.
    Patrick

  • Can I exempt certain objects from motion blur?

    I'm noticing that motion blur is affecting the movement within embedded video clips.  In other words, when a person in my video moves, there's motion blur behind them.  I only want motion blur to affect movement created within the program.  Is there a way for me to tell it not to apply blurring to the embedded video clips?

    Apply blur only to the Layers you want.

  • Can a GPO block certain characters from being used in filenames, for SharePoint compatibility?

    What I'm wondering is: Is it possible to use GPOs to set up a prohibition on certain characters for saved file names, so that when someone attempts to save a file to a server share, it gives them a dialog box along the lines of "That name uses
    invalid characters, please call it something else and try again"?  
    The reason I ask is we've recently started using Office 365, and our server is set up to sync our office shares folder with our SharePoint Online site, so that people can access our documents from outside the office.  The problem is, the Office Uploader
    keeps running into files saved with invalid characters (invalid for SharePoint, anyway - things like pound sign, colon, etc).  I know there was a thread about a script that can go through after the fact and truncate file names, but I'm afraid this would
    confuse our users, and if possible I'd like to deal with the problem preemptively.  I'm pretty disappointed in SharePoint right about now.
    As it stands right now, if a user saves a file with an invalid character, it won't even warn them.  It'll save to the share, but simply fail to upload to the SharePoint site, and when the user goes looking for it online later, they'll be sorely disappointed.
    Some more details/background: I'm the sole (volunteer) IT guy at a small nonprofit that serves adults with disabilities, both in and out of the office.  We have about 13 computers (mostly laptops) with Win 8.1Enterprise and 28 or so employees.  
    We have a Win 2012 SBS that acts as domain controller and hosts a share that's available to all employees.  We have Office 365 E2 for NonProfits, and I've synced a Sharepoint library with our network share using SkyDrive Pro.
    We're trying to set up an auxiliary office in the next town over so clients don't have to travel all the way to our part of the county, so it's suddenly a lot more important that we get our documents online and synced up.
    If anyone has any ideas, I'd be extremely grateful!  Thanks!!

    Hi,
    As far as I know and as suggested by Mahdi, there is no such Group Policy settings which can help us to achieve this.
    However, as also suggested by Mahdi, we can ask for help in the following scripting forum to see whether some scripts can help achieving this.
    The Official Scripting Guys Forum
    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
    If we can get such a script, we can use Group Policy to deploy the script to clients.
    Best regards,
    Frank Shen

  • Restricting certain tables from being viewed

    Post Author: Adam00
    CA Forum: Data Connectivity and SQL
    Hello,  I need assistance with restricting some tables within Crystal.I have an SQL database with multiple tables, some of which we do not want to be seen through Crystal reports as they contain sensitive information. Is there a way in which to exclude a table or two from the crystal database view????  Thanking you in advance.

    Post Author: V361
    CA Forum: Data Connectivity and SQL
    Try this, file, options, database, in the data explorer there is a table name like,  owner like box.  Try excluding them there... I pulled this from the help section  
    Table name LIKE
    This box allows you to enter the SQL LIKE function to specify the kinds of table names you want to appear in the Database Expert. You can use the underscore character (_) and the percent sign character (%) as wildcards with this function. The underscore character specifies any single character, and while the percent sign signifies any character string. For example, DAV_ matches DAVE only, while DAV% matches both DAVE and DAVID. Table name Like C% would display only those tables that have a table name beginning with the letter C.
    Owner LIKE
    This box works exactly like the Table name Like box except that the LIKE function here is used to select the Owner (or Creator or Alias) of the table, not the table name itself. For example, Owner Like C% would display only those tables that have an owner beginning with the letter C.

  • Block IPs from accessing WLC web management

    Hi all,
    I have tried using access control list to block certain IPs from accessing WLC web management. I apply the ACL to interface management, but it seems like no effect at all.
    How can I block or permit some IPs so only certain IPs can access WLC web management ?
    Thanks in advance.

    I need deal with this matter also... So here's what I found:
    - you must use CPU acls - interface acls won't do what you want;
    - it appears that once you use an acl, you must explicitly define each type of traffic you want to allow, since an implicit deny all action occurs.
    I'm working on trying to restrict admin access to controllers in order address policy compliance matters. I'm disappointed at the lack of better documentation and practical examples on acls...
    If anyone can shed some light on this topic I think two of us would appreciate it...

  • Why can't I delete certain files from my Time Capsule?

    I don't have my Time Capsule set up to back up every hour or so.  It's set up so that I can manually drag & drop files into it.  I've been trying to free up space by deleting some movie files that don't need anymore.  They appear to be just .avi format but I haven't been paying close enough attention to see if any other formats won't delete.  What prevents certain files from being deleted from the Time Capsule?                                                                                

    Dogs 'n Front wrote:
    Under the DISK/File Sharing tab in Airport Utility, I have the File Sharing box checked.
    What about the setting for "Secure Shared Disks"?
    Dogs 'n Front wrote:
    I didn't check EVERY single video and their info but a few I checked had the same permissions:  "Everyone" and "Read & Write"
    I only asked about each folder down the hierarchy to and including one video you can't delete.
    If you copy a new file into each of the higher-level folders down to and including the "MOVIES" folder, can you then delete that new file?
    If you're willing to use a command in a Terminal session, I can tell you how to determine what process has a file open.
    I'll be offline for the next few hours, so I won't be able to reply as quickly as I've been for the last several exchanges.

  • Keeping certain songs from shuffling

    Is there any way to keep certain tracks from being shuffled. For example: can i make it so only music gets shuffled, and comedy doesn't?
    Thanks.

    Sorry...that one I don't know. I suggest you repost with a new topic. Maybe someone else will have the answer.

  • How to allow access only from certain IPs?

    I have Portal Server 6.0 on Sun ONE Web Server and want to allow access to it only from certain IPs, i.e. if my IP differs from predefined, then access is denied (no page is opened).
    How can I implement this with minimal efforts?
    Thanks in advance!

    Where did you set the ACLs?
    When webclients connect direct to the portal/ids this is pretty straight forward using htttpacl files. When SRAP GW's are used for Internet portal access the web or app-server never sees the client IP thus those ACLs don't get applied.
    Am I missing something (won't be the first time... or the last:-)
    Cheers,
    -psr

  • Block http/https from certain IPs

    Hi,
    Need advise on how to block http/https traffic from certain IPs. Created an AD group and added the machines to the group and then added a Access Policy to block 3 Protocols but it didn't work.
    Any suggestions?

    Hi,
    In the WSA, you can configure Identity Policy based on the IP/Subnet and use this Identity in an Access policy to restrict access.
    1). Go to WSA --> Web Security Manager --> Identities.
    2). Create a new Identity and under "Membership Definition" --> "Define Members by subnet" enter the IP addresses.
    3). Now go to Access policies, create a new Access policy and select the Identity created above.
    4). Now you can go to "Protocols and User Agents" for the policy and block the protocols which you do not want the PC's the use.
    -- Do Rate if helpful
    Regards,
    Kush

Maybe you are looking for

  • Hey everyone :) I need help resting my password secuirty questions

    Hey everyone okay so its getting a little bit frusturating because this is the second time now that i've had to rest my password secuirty questions, but i guess i have no one to blame but my self ugh. Anways sorry, i know kind of how to rest it but i

  • An error occurred during event processing in view InboxResultView_VP.htm

    Hi All, I am getting this specific error when I am trying to access one of the BSP application in HCM. An error occurred during event processing in view InboxResultView_VP.htm An exception has occurredException Class CX_SY_REF_IS_INITIAL Text: Derefe

  • 2 iPods into 1 iMac?

    Hi again folks, I currently own a 30GB iPod Photo but I'm buying my sister a 2GB iPod Nano for her Christmas. I was just wondering if it's safe to change between which iPod is plugged into the Firewire or USB socket? Obviously, I won't have both plug

  • Problem when running session bean

    Hi all, I am a new comer to jdeveloper11g and weblogic10.In these days i am trying to create session bean in jdeveloper. but i got this error when i am try to run the program using new sample client. mapped name=New-SessionEJB package=project1 Remote

  • Flash in this website menus

    Hi Does flash make up all of this website as i check the source code and I just see a flash embed? [URL=" http://www.kingclub.com.au/" I take it there is a scrolling textbox and the drop down menu is done how?