ISS Proventia Inline Appliance Policy
[ issPolicy v1.01 | http://packet.sequenced.org/projects/isspolicy ]



POLICY INFORMATION

   Policy File: policies/AttackBlocker_inline.policy
   Policy Name: Attack Blocker
   Policy Version: 8.0.2004.286
   Sensor Type: Proventia Inline Appliance (v8.0)


SIGNATURES POLICY

Response Summary Legend: DISPLAY | LOGDB | EMAIL | SNMP | RSKILL | OPSEC | LOGEVIDENCE | DROP | DYNAMICBLOCK

Signature NameSignature DescriptionSignature StatusSignature PriorityResponse SummaryLogDropDynamicBlock
HTTP_Code_RedCode Red IEnabled HIGHDISPLAY LOGDB DROP DYNAMICBLOCK LogWithoutRaw
 ConnectionWithReset
 BlockWorm
HTTP_Code_Red_IICode Red IIEnabled HIGHDISPLAY LOGDB DROP DYNAMICBLOCK LogWithoutRaw
 ConnectionWithReset
 BlockWorm
HTTP_Code_Red_II_PlusCode Red II+Enabled HIGHDISPLAY LOGDB DROP DYNAMICBLOCK LogWithoutRaw
 ConnectionWithReset
 BlockWorm
IRC_PrettyPark_WormPrettyPark wormEnabled HIGHDISPLAY LOGDB DROP DYNAMICBLOCK LogWithoutRaw
 ConnectionWithReset
 BlockWorm


USER-DEFINED IP FILTERS

Filter NameFilter DescriptionFilter StatusProtocolSource Address/Mask [Asset]Source PortDestination Address/Mask [Asset]Destination Port
FR-PAR-NESSUSInternet Scanner Vulnerability Assessment host (Paris, France)Enabledip1.2.3.4/32ANYANYANY
UK-LON-NESSUSInternet Scanner Vulnerability Assessment host (London, United Kingdom)Enabledip4.3.2.1/32ANYANYANY



USER-DEFINED EVENT FILTERS

Filter NameFilter DescriptionFilter StatusFiltered EventSource AddressSource PortDestination AddressDestination Port
MY-KUL-HTTP-001Microsoft ASP.NET vulnerability against Apache web server (Kuala Lumpur, Malaysia)DisabledHTTP_ASP_Security_BypassANYANY3.3.3.380


[ Generated using: issPolicy v1.01 - http://packet.sequenced.org/projects/isspolicy ] [ Author: Kristof Philipsen / kphilipsen@gmail.com ]