Быстрый поиск
Russia Ukraine Belarus Israel Turkey Lithuania Latvia Estonia Mongolia Moldova Armenia Kazahstan Georgia
Смотрите также
Вопрос: Где взять описание событий, генерируемых системой IDS в межсетевых экранах D-Link (например, DFL-200, DFL-700, DFL-1100 и т.д.)?

Ответ: 

Так как база атак постоянно изменяется и добавляются новые сигнатуры, то ведение подробной документации по описанием атак не представляется возможным. Для получения информации по конкретной атаке можно воспользоваться поиском на сайтах, посвященных безопасности, например http://www.snort.org

Пример:
В логе межсетевого экрана появилась запись:

The following IDS events have occurred:
Count Log message
----- -----------
2 WEB-IIS _vti_inf access
1 WEB-IIS view source via translate header

Поиск по www.snort.org дает следующие результаты:

GEN:SID 1:990
Message WEB-FRONTPAGE _vti_inf.html access
Rule alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-FRONTPAGE _vti_inf.html access"; flow:to_server,established; uricontent:"/_vti_inf.html"; nocase; reference:nessus,11455; classtype:web-application-activity; sid:990; rev:9;)
Summary This event is generated when an attempt is made to access a file with '_vti_inf' in the name.
Impact Information gathering. This attack can leak the version number and scripting paths of Microsoft FrontPage.
Detailed Information Microsoft FrontPage provides software for web designers to generate and administer web pages. The file '_vti_inf.html' contains FrontPage configuration information of version number and scripting paths that is normally used by a FrontPage client to communicate with the server. An attacker can craft a URL to access this file to disclose the version number and scripting paths.
Affected Systems ???
Attack Scenarios An attacker can craft a URL to access the '_vti_inf' file to learn the version and scripting paths of FrontPage.
Ease of Attack Simple.
False Positives None Known.
If you think this rule has a false positives, please
help fill it out.
False Negatives None Known.
If you think this rule has a false negatives, please
help fill it out.
Corrective Action Apply patches and upgrade to most current version of FrontPage.
Contributors Original rule writer unknown
Modified by Brian Caswell
Sourcefire Research Team
Judy Novak
Additional References  
Rule References nessus: 11455
Продукты и решения | Поддержка  | Новости  | О компании |