Preventing attacks
Setting protection preferences
Trojan horse protection
one attack in five seconds. When ICMP is enabled, the log messages are not
limited.
The appliance defends against the following atomic IDS/IPS signatures:
■ Bonk
■ Back Orifice (Trojan horse communication channel)
■ Girlfriend (Trojan horse communication channel)
■ Fawx
■ Jolt
■ Land
■ Nestea
■ Newtear
■ Overdrop
■ Ping of Death
■ Portal of Doom (Trojan horse communication channel)
■ SubSeven (Trojan horse communication channel)
■ Syndrop
■ Teardrop
■ Winnuke
■ HTML buffer overflow
■ TCP/UDP flood protection
Any attempt to connect to a blocked port that is commonly used by Trojan horse
programs is logged and classified as a possible attack. The log message warns
the user that an illegal connection attempt was made and that they should audit
their internal systems to verify they are not compromised. Trojan horse
protection is overridden if traffic is explicitly allowed in an inbound rule.
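An added illustration of the Trojan horse protection decision just described (example code, not the appliance's own; the Trojan port numbers, the log line format and the rule representation are assumptions):

```python
"""Model of Trojan horse protection: connection attempts to blocked Trojan
ports are logged as possible attacks unless an inbound rule allows them."""
import re
from typing import Dict, List, Optional, Set, Tuple

# Assumed Trojan-horse ports: the manual names the signatures but lists no
# port numbers, so these commonly cited defaults are constructed sample data.
TROJAN_PORTS: Dict[Tuple[str, int], str] = {
    ("udp", 31337): "Back Orifice",
    ("tcp", 27374): "SubSeven",
    ("tcp", 21554): "Girlfriend",
}

# Constructed log format: "<time> inbound <src>:<sport> -> <dst>:<dport>/<proto>"
LOG_RE = re.compile(
    r"^\S+ inbound (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)/(?P<proto>tcp|udp)$"
)

Verdict = Tuple[str, Optional[str]]  # (classification, log message or None)


def classify(line: str, allow_rules: Set[Tuple[str, int]]) -> Verdict:
    """Classify one inbound connection attempt.

    allow_rules holds (proto, port) pairs explicitly permitted by inbound rules;
    such a rule overrides Trojan horse protection, as the manual states.
    """
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError(f"unparsable log line: {line!r}")
    proto, dport = m["proto"], int(m["dport"])
    if (proto, dport) in allow_rules:
        return ("allowed", None)  # explicit inbound rule wins; nothing logged
    trojan = TROJAN_PORTS.get((proto, dport))
    if trojan is None:
        return ("no signature", None)  # not a blocked Trojan port
    msg = (f"Possible attack: illegal connection attempt from {m['src']} to "
           f"{m['dst']} port {dport}/{proto} ({trojan}); audit internal "
           f"systems to verify they are not compromised")
    return ("possible attack", msg)


def scan_log(lines: List[str], allow_rules: Set[Tuple[str, int]]) -> List[Verdict]:
    """Classify every line of a connection log."""
    return [classify(ln, allow_rules) for ln in lines]


# Constructed sample log: a SubSeven probe, a Back Orifice probe, an HTTPS hit.
SAMPLE_LOG = [
    "2024-05-01T10:00:00Z inbound 203.0.113.5:51000 -> 192.0.2.10:27374/tcp",
    "2024-05-01T10:00:01Z inbound 203.0.113.5:51001 -> 192.0.2.10:31337/udp",
    "2024-05-01T10:00:02Z inbound 198.51.100.7:40000 -> 192.0.2.10:443/tcp",
]
```

Passing an explicit inbound rule such as `{("tcp", 27374)}` to `scan_log` shows the override: the SubSeven attempt is then classified as allowed and produces no warning.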
For each atomic IDS/IPS signature, you can set the action to take on detection
of that individual signature, as follows:
■ Block and Warn
Drop and log packets identified as containing the specific signature.