Juniper NETWORK AND SECURITY MANAGER 2010.3 - ADMINISTRATION GUIDE REV1 Administration Manual page 916

Network and Security Manager Administration Guide
Table 124: Deep Inspection Alarm Log Entries (continued)
| Attack Name | Attack Description | Severity | Versions |
|---|---|---|---|
| CHAT:MSN:LOGIN-ATTEMPT | This signature detects attempts to log in to the MSN network using an MSN Messenger client. | info | sos5.1.0 |
| DB:MS-SQL:SQLXML-ISAPI-OF | This signature detects buffer overflow attempts against the SQLXML-ISAPI Extension in Microsoft SQL Server 2000. The SQLXML-ISAPI extension handles data queries over HTTP (SQLXML HTTP); attackers may connect to the target host and submit maliciously crafted data to create a buffer overflow. | high | sos5.1.0 |
| DNS:AUDIT:CLASS-NON-IN | This protocol anomaly is a DNS request/reply in which the question/resource address class is not IN (Internet Address). Although allowed by the RFC, this should happen only in rare circumstances and may indicate an exploit attempt. | info | sos5.1.0 |
| DNS:AUDIT:QCLASS-UNEXP | This protocol anomaly is a DNS reply with a resource specifying a CLASS ID reserved for queries only (QCLASS). This may indicate an exploit attempt. | info | sos5.1.0 |
| DNS:AUDIT:REP-QTYPE-UNEXPECTED | This protocol anomaly is a DNS reply with a resource specifying a TYPE ID reserved for queries only (QTYPE). This may indicate an exploit attempt. | info | sos5.1.0 |
| DNS:AUDIT:REP-S2C-QUERY | This protocol anomaly is a DNS reply with a query/reply bit (QR) that is unset (indicating a query). This may indicate an exploit attempt. | info | sos5.1.0 |
| DNS:AUDIT:REQ-C2S-RESPONSE | This protocol anomaly is a DNS request with a query/reply bit (QR) set (indicating a reply). This may indicate an exploit attempt. | info | sos5.1.0 |
| DNS:AUDIT:REQ-INVALID-HDR-RA | This protocol anomaly is a client-to-server DNS message with the recursion-available bit (RA) set. This may indicate an exploit attempt. | info | sos5.1.0 |
| DNS:AUDIT:TYPE-ANY | This protocol anomaly is a DNS request with request type set to "ANY". | info | sos5.1.0 |
| DNS:EXPLOIT:EMPTY-UDP-MSG | This protocol anomaly is an empty DNS UDP message. This may indicate an exploit attempt. | high | sos5.0.0, sos5.1.0 |
| DNS:EXPLOIT:EXPLOIT-BIND9-RT | This protocol anomaly is an rdataset parameter to the dns_message_findtype() function in message.c that is not NULL. In BIND 9 (up to 9.2.0), attackers may cause a shutdown on an assertion failure. Note: Common queries in routine operations (such as SMTP queries) may trigger this anomaly. | high | sos5.0.0, sos5.1.0 |
| DNS:EXPLOIT:POINTER-LOOP | This protocol anomaly is a DNS message with a set of DNS pointers that form a loop. This may indicate a denial-of-service (DoS) attempt. | high | sos5.0.0, sos5.1.0 |
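
The DNS header and name checks that several of the entries above describe can be reproduced on a single UDP payload. The following is an added example, not code from the guide or from Juniper's detection engine. The mapping of each check to an entry name is an interpretation of the descriptions above, the traffic direction is supplied by the caller, only the question section is inspected, and the sample messages are constructed.

```python
import struct

HDR = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount

def skip_name(msg, off):
    """Return the offset just past the name at `off`; raise ValueError("loop")
    when compression pointers lead back to an already visited target."""
    seen, end = set(), None
    while True:
        if off >= len(msg):
            raise ValueError("truncated")
        length = msg[off]
        if length == 0:
            return off + 1 if end is None else end
        if length & 0xC0 == 0xC0:                 # 2-byte compression pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated")
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            if off in seen:
                raise ValueError("loop")
            seen.add(off)
        else:
            off += 1 + length                     # ordinary label

def dns_anomalies(payload, client_to_server):
    """Names of the table's DNS entries that a single UDP payload matches."""
    if not payload:
        return ["DNS:EXPLOIT:EMPTY-UDP-MSG"]
    if len(payload) < HDR.size:
        return []                                 # short header: not covered here
    _id, flags, qdcount, *_rest = HDR.unpack_from(payload)
    hits, is_reply = [], bool(flags & 0x8000)     # QR bit
    if client_to_server and is_reply:
        hits.append("DNS:AUDIT:REQ-C2S-RESPONSE")
    if not client_to_server and not is_reply:
        hits.append("DNS:AUDIT:REP-S2C-QUERY")
    if client_to_server and flags & 0x0080:       # RA bit
        hits.append("DNS:AUDIT:REQ-INVALID-HDR-RA")
    off = HDR.size
    try:
        for _ in range(qdcount):
            off = skip_name(payload, off)
            qtype, qclass = struct.unpack_from("!HH", payload, off)
            off += 4
            if qtype == 255 and not is_reply:     # QTYPE 255 is "ANY"
                hits.append("DNS:AUDIT:TYPE-ANY")
            if qclass != 1:                       # 1 = IN
                hits.append("DNS:AUDIT:CLASS-NON-IN")
    except (ValueError, struct.error) as exc:
        if str(exc) == "loop":
            hits.append("DNS:EXPLOIT:POINTER-LOOP")
    return hits

def query(flags, qname, qtype=1, qclass=1):       # hypothetical helper for samples
    return HDR.pack(0x1234, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, qclass)

EXAMPLE = b"\x07example\x03com\x00"               # constructed sample name
```

The visited-target set in `skip_name` bounds the walk, so a message whose pointers form a cycle is reported instead of being followed indefinitely.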
Copyright © 2010, Juniper Networks, Inc.