Enterasys Intrusion Prevention System Manual page 253

Network sensor policies and signatures guide

Creating Network Sensor Policies and Signatures A-59
6.x to 7.x Mappings

Table A-1 6.x to 7.0 Keyword Mapping (continued)

| Attack | Cure | Example |
| --- | --- | --- |
| Padding extra slashes | Replace slashes with single slash | /cgi-bin///phf |
| Self-referencing directories | Replace /./ with / | /cgi-bin/./phf |
| URL encoding | Convert escaped characters to binary | /%63gi-bin/phf |
| Reverse Traversal | Remove reverse traversal directory pairs | /cgi-bin/blah/../phf |
| Premature request ending | Remove reverse traversal directory pairs | /%20HTTP/1.0%0d%0aHeader:%20/../../cgi-bin/phf |
| Parameter hiding | Remove reverse traversal directory pairs | /index.htm%3fparam=/../cgi-bin/phf |
| HTTP mis-formatting | Parse URL with spaces or tabs | GET <tab> /cgi-bin/phf <tab> |
| Long URLs | Remove reverse traversal directory pairs | /rfprfp <lots of characters> rfprfp/../cgi-bin/phf |
| DOS/Win directory syntax | Convert \ to / | /cgi-bin\phf |
| NULL method processing | Dragon not affected | GET%00 /cgi-bin/phf |

Technical Note
Many of these attacks have been documented, but recently they have been implemented by Rain Forest Puppy in version 1.3 of the Whisker web scanner. More information can be found at: http://www.wiretrip.net/rfp/

| 6.x Keyword | 7.0 XML Attribute | Description |
| --- | --- | --- |
| Y2K | Deprecated | If the Network Sensor is to create dated directories (PACKETLOG and ALARMLOG options), using Deprecated will ensure that the directory names will have the 4-digit year. This is required for the Enterasys IPS 5.x architecture. Technical Note: For backward compatibility, this must not be used in the Enterasys IPS 4.x architecture. |
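The cures listed in the table above, written out as a small normalizer so that a single signature for /cgi-bin/phf matches every disguised form. This is an added example, not Enterasys code: the names normalize_uri and uri_from_request_line are hypothetical, and the single decoding pass and the clamping of an unmatched ".." at the root are assumptions.

```python
from urllib.parse import unquote_to_bytes


def normalize_uri(raw_uri: str) -> str:
    """Apply the table's cures to one request URI; return the canonical path."""
    # Cure: convert escaped characters to binary (one decoding pass only).
    # latin-1 maps each byte to one character, so no byte is dropped.
    path = unquote_to_bytes(raw_uri).decode("latin-1")
    # Cure: convert \ to /.
    path = path.replace("\\", "/")
    kept = []
    for segment in path.split("/"):
        if segment in ("", "."):
            # Cures: replace slashes with single slash; replace /./ with /.
            continue
        if segment == "..":
            # Cure: remove reverse traversal directory pairs.
            # Assumption: ".." with nothing left to cancel stays at the root.
            if kept:
                kept.pop()
            continue
        kept.append(segment)
    return "/" + "/".join(kept)


def uri_from_request_line(request_line: str) -> str:
    """Cure: parse URL with spaces or tabs, then normalize the URI field."""
    fields = request_line.split()  # any run of whitespace, including tabs
    if len(fields) < 2:
        raise ValueError("request line has no URI field")
    return normalize_uri(fields[1])


# URIs from the table's Example column; the padding length is constructed.
TABLE_URIS = [
    "/cgi-bin///phf",
    "/cgi-bin/./phf",
    "/%63gi-bin/phf",
    "/cgi-bin/blah/../phf",
    "/%20HTTP/1.0%0d%0aHeader:%20/../../cgi-bin/phf",
    "/index.htm%3fparam=/../cgi-bin/phf",
    "/" + "rfp" * 400 + "/../cgi-bin/phf",
    "/cgi-bin\\phf",
]

if __name__ == "__main__":
    for uri in TABLE_URIS:
        print(repr(uri[:50]), "->", normalize_uri(uri))
    print(uri_from_request_line("GET\t/cgi-bin/phf\t"))
```

Decoding has to happen before the path is split, because the parameter hiding and premature request ending examples only expose their ../ pairs once %3f, %20 and %0d%0a have been converted.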
