Trojan Horse Notification; Setting Protection Preferences - Symantec 460R - Gateway Security Administrator's Manual

Administration guide

90
Preventing attacks

Setting protection preferences

- Teardrop
- Winnuke
- HTML buffer overflow
- TCP/UDP flood protection

Trojan horse notification

Any attempt to connect to a blocked port that is commonly used by Trojan horse programs is logged and classified as a possible attack. The log message warns the user that an illegal connection attempt was made and that they should audit their internal systems to verify they are not compromised. Trojan horse protection is overridden if traffic is explicitly allowed in an inbound rule.

Connections to the ports listed in Table 8-1 generate warnings in the log file, unless you specifically have a rule configured to allow inbound traffic on that port.

Table 8-1 Trojan horse ports and protocols

Trojan horse      Protocol   Ports
Back Orifice      TCP        31337
                  UDP        31337
Girlfriend        TCP        21554
Portal of Doom    TCP        3700, 9872, 9873, 9874, 9875, 10067, 10167
                  UDP        10067, 10167
SubSeven          TCP        1243, 6711, 6712, 6713, 6766, 27374, 27573
                  UDP        27573

Setting protection preferences

For each atomic IDS and IPS signature, you can set the action to take with detection of each individual signature, as follows:

- Block and Warn: Drop and log packets identified as containing the specific signature.
- Block/Don't Warn: Drop the packet; but do not log.

You can configure the following options for enabling and disabling IDS and IPS signature detection and logging:

- Select All to enable or disable detection of ALL signatures.
- Enable/disable detection of each signature individually.

To set protection preferences

See "IDS Protection tab field descriptions" on page 154.

1. In the SGMI, in the left pane, click IDS/IPS.
2. In the right pane, on the IDS Protection tab, under IDS Signatures, from the Name drop-down list, select an IDS signature.
   To apply the preferences to all the signatures, click >>Select All<<.
3. Under Protection settings, next to Action, select an action.
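
The Trojan horse notification logic described under "Trojan horse notification", sketched as an added Python example; this is not Symantec code. The port data is copied from Table 8-1. The tuple format for connection attempts, the function names, and the sample addresses are assumptions made for illustration. The example also lists the inbound allow rules that would silence a warning, which is worth checking when reviewing a rule set.

```python
# Added illustration, not Symantec code. Port data is copied from Table 8-1.
TROJAN_PORTS = {
    "Back Orifice": {"TCP": {31337}, "UDP": {31337}},
    "Girlfriend": {"TCP": {21554}},
    "Portal of Doom": {"TCP": {3700, 9872, 9873, 9874, 9875, 10067, 10167},
                       "UDP": {10067, 10167}},
    "SubSeven": {"TCP": {1243, 6711, 6712, 6713, 6766, 27374, 27573},
                 "UDP": {27573}},
}

def trojan_for(proto, port):
    """Return the Table 8-1 Trojan horse name for (proto, port), or None."""
    for name, by_proto in TROJAN_PORTS.items():
        if port in by_proto.get(proto.upper(), ()):
            return name
    return None

def classify(attempts, inbound_allow):
    """Return warnings for inbound attempts to Trojan horse ports.

    attempts: (src_ip, proto, dst_port) tuples (hypothetical format).
    inbound_allow: (proto, port) pairs explicitly allowed by inbound rules;
    these override the notification, as the manual states.
    """
    warnings = []
    for src, proto, port in attempts:
        proto = proto.upper()
        if (proto, port) in inbound_allow:
            continue  # explicitly allowed: no warning is generated
        name = trojan_for(proto, port)
        if name:
            warnings.append((src, proto, port, name))
    return warnings

def silenced(inbound_allow):
    """List inbound allow rules that suppress a Table 8-1 warning."""
    return sorted((p, n, trojan_for(p, n))
                  for p, n in inbound_allow if trojan_for(p, n))

# Constructed sample data (documentation address ranges).
SAMPLE = [("203.0.113.5", "tcp", 31337), ("203.0.113.5", "udp", 27573),
          ("198.51.100.9", "tcp", 6711), ("198.51.100.9", "tcp", 443),
          ("192.0.2.77", "udp", 21554)]
ALLOW = {("TCP", 6711)}  # constructed inbound rule

if __name__ == "__main__":
    for w in classify(SAMPLE, ALLOW):
        print("possible attack: %s -> %s/%d (%s)" % w)
    print("rules that silence a warning:", silenced(ALLOW))
```

In the sample, the UDP attempt to port 21554 produces no warning because Table 8-1 lists Girlfriend for TCP only, and the TCP 6711 attempt is suppressed by the allow rule.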
