ISS Proventia Inline Appliance Policy
[ issPolicy v1.01 | http://packet.sequenced.org/projects/isspolicy ]



POLICY INFORMATION

   Policy File: policies/AttackBlocker_inline.policy
   Policy Name: Attack Blocker
   Policy Version: 8.0.2004.286
   Sensor Type: Proventia Inline Appliance (v8.0)


SIGNATURES POLICY

Response Summary Legend: DISPLAY | LOGDB | EMAIL | SNMP | RSKILL | OPSEC | LOGEVIDENCE | DROP | DYNAMICBLOCK

Signature Name	Signature Description	Signature Status	Signature Priority	Response Summary	Log	Drop	DynamicBlock
Boink	Boink DoS	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Bonk	Bonk DoS	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
DeepThroat_Response	DeepThroat Backdoor	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
ICQ_PAM_Parser_Overflow	ICQ Overflow Attempt	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
ICQ_Witty_Worm	ICQ Witty Worm	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
IP_Invalid_Option	Invalid IP Option	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
IP_Tunnel_Bad_Version	IP tunnel bad version	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Mstream_Zombie_Response	Mstream agent activity	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Nestea	Nestea attack	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
NewTear	NewTear attack	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Quake_Backdoor_Request	Quake backdoor	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
SQL_SSRP_Slammer_Worm	MS Sql Server 2000 Resolution Service Slammer Worm	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
SQL_SSRP_StackBo	MS Sql Server 2000 Resolution Service stack overflow	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Slapper_Worm	Detect Slapper P2P activity	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Snort_Stream4_HeapBo	Snort stream4 heap overflow	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Symantec_NBNS_Bo	Symantc Firewall NetBIOS Name Service (NBNS) Response Buffer Overflow	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
SynDrop	SynDrop attack	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
TCP_Frag_RFProwl	RFProwl exploit	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
TFTP_MSBlaster_Attempt	TFTP msblaster.exe transfer attempt	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
TFTP_MSBlaster_Worm	TFTP msblaster.exe file transfer	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
TFTP_Nachi_Worm	TFTP dllhost.exe and svchost.exe file transfer	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
TearDrop	Teardrop attack	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Trin00_Daemon_Response	Trin00 Distributed Denial of Service Daemon	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Unexplained_Backdoor_Response	Unexplained Backdoor	Enabled	HIGH		LogWithoutRaw	Packet	Disabled
Win_IP_Src_Route	Windows IP Source Routing	Enabled	HIGH		LogWithoutRaw	Packet	Disabled

USER-DEFINED IP FILTERS

Filter Name	Filter Description	Filter Status	Protocol	Source Address/Mask [Asset]	Source Port	Destination Address/Mask [Asset]	Destination Port
FR-PAR-NESSUS	Internet Scanner Vulnerability Assessment host (Paris, France)	Enabled	ip	1.2.3.4/32	ANY	ANY	ANY
UK-LON-NESSUS	Internet Scanner Vulnerability Assessment host (London, United Kingdom)	Enabled	ip	4.3.2.1/32	ANY	ANY	ANY
GLOBAL-MCAST-VRRP	Global multicast VRRP traffic	Disabled	ip	ANY	ANY	224.0.0.18/24	ANY

USER-DEFINED EVENT FILTERS

Filter Name	Filter Description	Filter Status	Filtered Event	Source Address	Source Port	Destination Address	Destination Port
AU-SYD-SNMP-001	SNMP_Set Filter for Network Management Station (Sydney, Australia)	Enabled	SNMP_Set	2.2.2.2	ANY	2.2.0.0-2.2.255.255	161
MY-KUL-HTTP-001	Microsoft ASP.NET vulnerability against Apache web server (Kuala Lumpur, Malaysia)	Disabled	HTTP_ASP_Security_Bypass	ANY	ANY	3.3.3.3	80

[ Generated using: issPolicy v1.01 - http://packet.sequenced.org/projects/isspolicy ] [ Author: Kristof Philipsen / kphilipsen@gmail.com ]