7 Replies Latest reply on Nov 25, 2009 10:26 AM by Sweep

    Escalating priveleges being blocked....?

    Travler

      Here's a poser:

       

      We have a tunnel set up where one of our system's external support team accesses a number of different machines on several different internal subnets.  We recently expanded and added some machines to a brand new subnet (192.168.39.x).  Now, when support accesses these new machines, they get their connection severed whenever they attempt to escalate priveleges to root/super user.  They do not experience this problem on any other subnet (including a 192.168.93.x subnet).  I shut down the I-2700 sensor and had them attempt it and it worked just fine, so it appears that Intrushield is definitely the culprit.  The strange thing is that we have absolutely no ACLs or anything else set up that would be causing this particular subnet to be treated any differently than the rest of our network.

       

      Any ideas?