Symantecâ¢ Security Gateways Reference Guide - Sawmill

More documents

Recommendations

Info

364 IDS eventsSuspicious activitySuspicious activityBGP Authentication FailureBase Event:Details:ReferencesBGP_AUTH_FAILUREA BGP authentication failure was detected. This is an indication that an attack is being launched onthe network routers.BGP SpecificationsBGP Generic ErrorBase Event:Details:ReferencesBGP_GENERIC_ERROR_CONDITIONA BGP NOTIFICATION message, indicating a protocol error condition, was detected. This is anindication that an attack is being launched on the network routers.BGP SpecificationsBGP Invalid AGGREGATOR LengthBase Event:Details:ReferencesBGP_UPDATE_AGGREGATOR_BAD_LENGTHThe BGP UPDATE message contained an invalid AGGREGATOR length. This violation of thestandard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid ASPATH LengthBase Event:Details:ReferencesBGP_UPDATE_ASPATH_BAD_LENGTHThe BGP UPDATE message contained an invalid ASPATH length. This violation of the standardcould indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid Attribute FlagsBase Event:Details:ReferencesBGP_BAD_ATTRIBUTE_FLAGSThe lower four bits of the attribute flags field in a BGP UPDATE message must be set to zero, butwere not. This violation of the standard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid Capability LengthBase Event:Details:ReferencesBGP_OPEN_INVALID_CAPABILITY_LENGTHThe BGP OPEN message capability field had a field length disallowed by the RFC. This violation ofthe standard could indicate an attempt to compromise the protocol.BGP Specifications
IDS eventsSuspicious activity365BGP Invalid COMMUNITIES LengthBase Event:Details:ReferencesBGP_UPDATE_COMMUNITIES_BAD_LENGTHThe BGP OPEN message capability field had a field length disallowed by the RFC. This violation ofthe standard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid Hold TimeBase Event:Details:ReferencesBGP_INVALID_HOLD_TIMEThe BGP OPEN message advertised a hold time that falls outside the allowed range of values. Thisviolation of the standard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid LOCAL_PREF LengthBase Event:Details:ReferencesBGP_UPDATE_LOCAL_PREF_BAD_LENGTHThe BGP UPDATE message contained an invalid ATOMIC_AGGREGATE length. This violation ofthe standard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid KEEPALIVE Message LengthBase Event:Details:ReferencesBGP_BAD_KEEPALIVE_MSG_LENGTHThe BGP KEEPALIVE message length was outside the limitations specified in the RFC. Thisviolation of the standard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid MarkerBase Event:Details:ReferencesBGP_BAD_MARKERThe BGP OPEN message marker has to consist of all 1s (0xFF), but a different marker was sent. Thisviolation of the standard could indicate an attempt to compromise the protocol.BGP SpecificationsBGP Invalid MarkerBase Event:Details:ReferencesBGP_OPEN_CAPABILITY_LENGTH_MISMATCHThe BGP OPEN message capability length was invalid. This violation of the standard could indicatean attempt to compromise the protocol.BGP SpecificationsBGP Invalid Message LengthBase Event:Details:ReferencesBGP_BAD_MSG_LENGTHThe BGP message length was outside the limitations specified in the RFC. This violation of thestandard could indicate an attempt to compromise the protocol.BGP Specifications
Page 1 and 2:
Symantec Security GatewaysReference
Page 3:
Licensing and registrationContactin
Page 6 and 7:
6 ContentsMail server record ......
Page 8 and 9:
8 ContentsChapter 9Chapter 10Append
Page 10 and 11:
10 Contents
Page 12 and 13:
12 Introducing Symantec security ga
Page 14 and 15:
14 Introducing Symantec security ga
Page 16 and 17:
16 Network security overviewSecurit
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
24 Network security overviewManagem
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
32 Security gateway fundamentalsRou
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
38 Security gateway fundamentalsDom
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
44 Understanding accessNetwork prot
Page 46 and 47:
46 Understanding accessNetwork prot
Page 48 and 49:
48 Understanding accessProxiesProxi
Page 50 and 51:
50 Understanding accessProxiesExamp
Page 52 and 53:
52 Understanding accessProxiesThe D
Page 54 and 55:
54 Understanding accessProxiesThe H
Page 56 and 57:
56 Understanding accessProxiesThe N
Page 58 and 59:
58 Understanding accessProxiesThe S
Page 60 and 61:
60 Understanding accessProxiesTable
Page 62 and 63:
62 Understanding accessService grou
Page 64 and 65:
64 Understanding accessRulesTable 4
Page 66 and 67:
66 Understanding accessRulesWhen a
Page 68 and 69:
68 Controlling service accessFilter
Page 70 and 71:
70 Controlling service accessFilter
Page 72 and 73:
72 Controlling service accessConten
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
78 Controlling user accessAuthentic
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
86 Controlling user accessTime Peri
Page 88 and 89:
88 Understanding VPN tunnelsTunnels
Page 90 and 91:
90 Understanding VPN tunnelsTunnels
Page 92 and 93:
92 Understanding VPN tunnelsIPsec s
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
100 Understanding VPN tunnelsGlobal
Page 102 and 103:
102 Monitoring security gateway tra
Page 104 and 105:
Page 106 and 107:
Page 108 and 109:
Page 110 and 111:
Page 112 and 113:
Page 114 and 115:
114 Preventing attacksAntivirus (ap
Page 116 and 117:
116 Preventing attacksIntrusion det
Page 118 and 119:
118 Preventing attacksLogical netwo
Page 120 and 121:
120 Preventing attacksAddress trans
Page 122 and 123:
Page 124 and 125:
Page 126 and 127:
126 Preventing attacksAnti-spam mea
Page 128 and 129:
128 Ensuring availabilitySymantec
Page 130 and 131:
130 Ensuring availabilityStateful f
Page 132 and 133:
132 Ensuring availabilityCluster ad
Page 134 and 135:
134 Log messagesInformational messa
Page 136 and 137:
Page 138 and 139:
Page 140 and 141:
Page 142 and 143:
Page 144 and 145:
Page 146 and 147:
Page 148 and 149:
Page 150 and 151:
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
158 Log messagesNotice messages (20
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
Page 168 and 169:
Page 170 and 171:
Page 172 and 173:
Page 174 and 175:
Page 176 and 177:
176 Log messagesWarning messages (3
Page 178 and 179:
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
Page 194 and 195:
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
230 Log messagesError messages (400
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
256 Log messagesAlert messages (500
Page 258 and 259:
258 Log messagesAlert messages (500
Page 260 and 261:
260 Log messagesCritical messages (
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
270 Log messagesEmergency messages
Page 272 and 273:
272 Log messagesEmergency messages
Page 274 and 275:
274 IDS eventsAbout IDS/IPS events
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
Page 294 and 295:
Page 296 and 297:
296 IDS eventsDenial-of-ServiceTabl
Page 298 and 299:
298 IDS eventsDenial-of-ServiceResp
Page 300 and 301:
300 IDS eventsDenial-of-ServiceMalf
Page 302 and 303:
302 IDS eventsIntrusion attemptsUnk
Page 304 and 305:
304 IDS eventsIntrusion attemptsCod
Page 306 and 307:
306 IDS eventsIntrusion attemptsDNS
Page 308 and 309:
308 IDS eventsIntrusion attemptsAff
Page 310 and 311:
310 IDS eventsIntrusion attemptsAff
Page 312 and 313:
312 IDS eventsIntrusion attemptsFTP
Page 314 and 315: 314 IDS eventsIntrusion attemptsHTT
Page 320 and 321: 320 IDS eventsIntrusion attemptsIMA
Page 322 and 323: 322 IDS eventsIntrusion attemptsIRC
Page 324 and 325: 324 IDS eventsIntrusion attemptsIRC
Page 326 and 327: 326 IDS eventsIntrusion attemptsAff
Page 328 and 329: 328 IDS eventsIntrusion attemptsNim
Page 330 and 331: 330 IDS eventsIntrusion attemptsNim
Page 332 and 333: 332 IDS eventsIntrusion attemptsOSP
Page 334 and 335: 334 IDS eventsIntrusion attemptsRlo
Page 342 and 343: 342 IDS eventsIntrusion attemptsSta
Page 352 and 353: 352 IDS eventsIntrusion attemptsWAR
Page 354 and 355: 354 IDS eventsProbesSensor Record F
Page 356 and 357: 356 IDS eventsProbesAffected:No spe
Page 358 and 359: 358 IDS eventsSignaturesSMTP Probin
Page 360 and 361: 360 IDS eventsSignaturesHTTP IIS IS
Page 362 and 363: 362 IDS eventsSignaturesAffected: A
Page 366 and 367: 366 IDS eventsSuspicious activityBG
Page 368 and 369: 368 IDS eventsSuspicious activityBG
Page 370 and 371: 370 IDS eventsSuspicious activityDN
Page 372 and 373: 372 IDS eventsSuspicious activityFT
Page 374 and 375: 374 IDS eventsSuspicious activityAf
Page 378 and 379: 378 IDS eventsSuspicious activityHT
Page 392 and 393: 392 IDS eventsSuspicious activityId
Page 394 and 395: 394 IDS eventsSuspicious activityIM
Page 404 and 405: 404 IDS eventsSuspicious activityMa
Page 414 and 415:
414 IDS eventsSuspicious activityMa
Page 416 and 417:
Page 418 and 419:
Page 420 and 421:
Page 422 and 423:
Page 424 and 425:
Page 426 and 427:
Page 428 and 429:
Page 430 and 431:
Page 432 and 433:
Page 434 and 435:
Page 436 and 437:
Page 438 and 439:
Page 440 and 441:
Page 442 and 443:
442 IDS eventsSuspicious activityNN
Page 444 and 445:
444 IDS eventsSuspicious activityOS
Page 446 and 447:
446 IDS eventsSuspicious activityOS
Page 448 and 449:
448 IDS eventsSuspicious activityPO
Page 450 and 451:
450 IDS eventsSuspicious activityRl
Page 452 and 453:
452 IDS eventsSuspicious activityRP
Page 454 and 455:
454 IDS eventsSuspicious activityRe
Page 456 and 457:
456 IDS eventsSuspicious activityAf
Page 458 and 459:
458 IDS eventsSuspicious activitySM
Page 460 and 461:
460 IDS eventsSuspicious activitySN
Page 462 and 463:
462 IDS eventsSuspicious activitySO
Page 464 and 465:
464 IDS eventsSuspicious activitySu
Page 466 and 467:
Page 468 and 469:
Page 470 and 471:
Page 472 and 473:
Page 474 and 475:
Page 476 and 477:
Page 478 and 479:
Page 480 and 481:
Page 482 and 483:
Page 484 and 485:
Page 486 and 487:
Page 488 and 489:
Page 490 and 491:
Page 492 and 493:
Page 494 and 495:
Page 496 and 497:
Page 498 and 499:
Page 500 and 501:
Page 502 and 503:
Page 504 and 505:
Page 506 and 507:
506 IDS eventsSuspicious activityAf
Page 508 and 509:
508 IDS eventsSuspicious activity
Page 510 and 511:
510 IndexIP address spoofing 21Man-
Page 512 and 513:
512 IndexHH.323alias report 105prox
Page 514 and 515:
514 IndexRTSP 57service parameters
Page 516:
516 Index
show all

Symantecâ¢ Security Gateways Reference Guide - Sawmill

Create successful ePaper yourself

Delete template?

Save as template?

Symantecâ¢ Security Gateways Reference Guide - Sawmill