Table of Contents
Advertisement
Configuring the Protocol Analysis Module
9.
To add a Port Macro to the port list, click Add PortMacro. The Port Macro Selection dialog
box is displayed. Select the desired macro and click OK.
10. Click Commit to add your changes to the policy being configured.
Finger Analysis Configuration
The Network Sensor can decode attempts to "bounce" a finger request. Most finger servers
recursively query other finger servers. For example, attempting to issue a command, finger
root@site2@site1, may cause the finger daemon at site1 to finger the daemon at site2 for the user
root. It is an easy way for some hackers to probe networks and hide their true source location. It is
also a well-known Denial-of-Service tool. These events are named [FINGER-BOUNCE].
Procedure
To configure Finger Analysis settings:
1.
Click the Network Policy View icon and the Network Policies tab.
2.
Expand the tree by clicking the expansion symbols and select the desired custom policy name.
The modules for that policy are displayed in the tree.
3.
Click the Protocol Analysis Module in the tree.
2-56 Creating Network Sensor Policies
Note: To display existing port macros and their definitions, or to add a new macro, click Default
Network Sensor Settings in the Network Policies tab of the Network Policy View.See
"Configuring Port
Macros" on page 1-14 for information about creating or editing port macros.
Advertisement
Table of Contents
Need help?
Do you have a question about the Intrusion Prevention System and is the answer not in the manual?