Juniper NETWORK AND SECURITY MANAGER 2010.2 - ADMINISTRATION GUIDE REV1 Administration Manual page 933

Appendix E: Log Entries

| Key | Description | Severity | Versions |
| --- | --- | --- | --- |
| IMAP:OVERFLOW:FLAG | This protocol anomaly is an IMAP flag that is too long. This may indicate a buffer overflow attempt. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:IMAP4-LSUB-OF | This signature detects buffer overflow attempts against the IMAP package included with several Linux distributions. Attackers may send a long string to the IMAP package to execute code with daemon-level permissions. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:LINE | This protocol anomaly is an IMAP line (from the client to the server) that is too long. This may indicate a buffer overflow attempt. NOTE: Long lines are parsed, which may generate other IMAP overflow errors. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:LIT_LENGTH_OFLOW | This protocol anomaly is an IMAP literal that specifies more octets than the user-defined maximum. A literal is a sequence of zero or more octets. The default maximum number of octets is 65535. | high | sos5.1.0 |
| IMAP:OVERFLOW:MAILBOX | This protocol anomaly is an IMAP mailbox name that is too long. This may indicate a buffer overflow attempt. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:PASS | This protocol anomaly is an IMAP user password that is too long. This may indicate a buffer overflow attempt. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:REFERENCE | This protocol anomaly is an IMAP reference field that is too long. This may indicate a buffer overflow attempt. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:TAG | This protocol anomaly is an IMAP tag field that is too long. This may indicate a buffer overflow attempt. | high | sos5.0.0, sos5.1.0 |
| IMAP:OVERFLOW:USER | This protocol anomaly is an IMAP user name that is too long. This may indicate a buffer overflow attempt. | high | sos5.0.0, sos5.1.0 |
| IMAP:REQERR:INVALID_LITERAL_LEN | This protocol anomaly is a literal that specifies a number of octets containing a character that is not 0 or 9. | high | sos5.1.0 |
| IMAP:REQERR:REQ-INVALID-TAG | This protocol anomaly is an invalid IMAP tag, i.e., a tag that begins with a white space or contains non-alphanumeric characters. This may indicate a nonstandard IMAP client or command line access to an IMAP server. | medium | sos5.0.0, sos5.1.0 |
| IMAP:REQERR:REQ-UNEXPECTED-ARG | This protocol anomaly is an IMAP command with too many arguments. This may indicate a nonstandard IMAP client or command line access to an IMAP server. | medium | sos5.0.0, sos5.1.0 |

| Key | Description | Severity | Versions |
| --- | --- | --- | --- |
| MS-RPC:DCOM:SVRNAME-2LONG | This protocol anomaly is a DCOM servername that is longer than 32 octets in Unicode. | critical | sos5.1.0 |
| MS-RPC:EPDUMP-SCAN | This anomaly detects a client enumerating MSRPC endpoints on a Windows server. This may indicate a probing scan prior to a more sophisticated attack. | low | sos5.1.0 |

Copyright © 2010, Juniper Networks, Inc.