Hi there,
I tried the alert.sh (Vers 2.1.1) script from Lance Spitzner on FW-1 NG FP3
on Nokia IP 530 running IPSO 3.6-FCS4 releng 1061 08.28.2002-001900.
The alert.sh script looks for frequent port scans and offers the option to
block an ip-address as an intruder automatically via calling the alert.sh
script behind an user-defined alert.
The script started by the user-defined alert runs okay on my configuration.
But the blocking crashes with the FW-1 SAM Error Message
"sam: Unexpected end of session. It is possible that the SAM request
for 'Inhibit src ip 192.168.1.222 on All' was not enforced."
Running the same sript from or the relevant statement as administrator on
the command line works fine:
$FWDIR/bin/fw sam -t 40 -J src 192.168.1.222
Do you have any idea, what's going wrong?
Thank you for your advice
U. Schlaak
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
