Network Security Platform correlated attacks
Technical Article ID: KB60305
Last modified: 2021-06-11 14:51:43 Etc/GMT
Environment
McAfee Network Security Manager (NSM)
McAfee Network Security Sensor
Summary
| (Correlated) Attack Name | (Correlated) Attack ID | (Correlated) Attack Severity | Suppress-Failure | (Correlated) Attack Category | (Correlated) Attack Sub-category | (Component) Attack Name | (Component) Attack ID | (Component) Attack Severity | (Component) Attack Blockable Option in NSM 6.1 and later |
|---|---|---|---|---|---|---|---|---|---|
| SMTP: Possible Brute Force Attack Detected | 0x40416c00 | 6 | yes | Reconnaissance | brute-force | SMTP: Authentication Failure Seen | 0x40416b00 | 0 | Disallowed |
| SSL: Possible OpenSSL Denial of Service via memory exhaustion (CVE-2016-6304) | 0x43f01000 | 5 | yes | Reconnaissance | Multi-Attack Correlation | SSL: OCSP extension enabled in client hello, OpenSSL: Handshake packet seen | 0x45c08e00, 0x45d39e00 | 0 | Disallowed |
| SSL: OpenSSL Memory Exhaustion DOS Vulnerability | 0x4001ab00 | 4 | yes | Reconnaissance | Brute-Force | SSL: OpenSSL Memory Leak Vulnerability (CVE-2009-1378) | 0x45c08c00 | 1 | Disallowed |
| Botnet: DGA Heuristic Detection of Botnet Zombie | 0x43f00d00 | 7 | no | Reconnaissance | Multi-Attack Correlation | Botnet: DNS Name Lookup Failure Matching DGA Heuristics | 0x4880db00 | 9 | Disallowed |
| ICMP: Timestamp Request Host Sweep | 0x40000200 | 4 | no | Reconnaissance | host-sweep | ICMP: Timestamp Probe | 0x40100300 | 3 | Allowed |
| TCP: FIN Port Scan | 0x40009800 | 4 | no | Reconnaissance | port-scan | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: NULL Port Scan | 0x4000a000 | 4 | no | Reconnaissance | port-scan | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: XMAS Port Scan | 0x4000a100 | 4 | no | Reconnaissance | port-scan | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: FIN Host Sweep | 0x4000a900 | 4 | no | Reconnaissance | host-sweep | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: NULL Host Sweep | 0x4000aa00 | 4 | no | Reconnaissance | host-sweep | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: XMAS Host Sweep | 0x4000ab00 | 4 | no | Reconnaissance | host-sweep | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: Fingerprinting NMAP | 0x4000b300 | 4 | no | Reconnaissance | fingerprinting | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: Fingerprinting NMAP | 0x4000b300 | 4 | no | Reconnaissance | fingerprinting | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: Fingerprinting NMAP | 0x4000b300 | 4 | no | Reconnaissance | fingerprinting | NMAP: XMAS with SYN Probe | 0x4000ba00 | 5 | Allowed |
| TCP: Fingerprinting Queso | 0x4000b400 | 4 | no | Reconnaissance | fingerprinting | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: Fingerprinting Queso | 0x4000b400 | 4 | no | Reconnaissance | fingerprinting | SCAN: SYN FIN Based Probes | 0x4000ec00 | 3 | Allowed |
| TCP: Fingerprinting Queso | 0x4000b400 | 4 | no | Reconnaissance | fingerprinting | TCP: Bare Push Probe | 0x4000bc00 | 5 | Allowed |
| ICMP: Netmask Request Host Sweep | 0x40011d00 | 4 | no | Reconnaissance | host-sweep | ICMP: Netmask Request | 0x40011600 | 3 | Allowed |
| TELNET: Password Brute Force | 0x40012700 | 4 | yes | Reconnaissance | brute-force | TELNET: Telnet Login Failure Detected | 0x40601200 | 2 | Disallowed |
| RLOGIN: Password Brute Force | 0x40012800 | 4 | yes | Reconnaissance | brute-force | RLOGIN: Failed Login | 0x40603100 | 2 | Disallowed |
| RSH: Password Brute Force | 0x40012900 | 4 | yes | Reconnaissance | brute-force | RSH: Login Failed | 0x41100100 | 2 | Disallowed |
| REXEC: Password Brute Force | 0x40012a00 | 4 | yes | Reconnaissance | brute-force | REXEC: Login Failed | 0x41101100 | 2 | Disallowed |
| MSSQL: Password Brute Force | 0x40012b00 | 4 | yes | Reconnaissance | brute-force | MSSQL: User Login Failed | 0x41a00a00 | 2 | Disallowed |
| RADIUS: Authentication Brute Force | 0x40012c00 | 4 | yes | Reconnaissance | brute-force | RADIUS: Access Denied | 0x41c00400 | 1 | Disallowed |
| FTP: Login Brute Force | 0x40012d00 | 4 | yes | Reconnaissance | brute-force | FTP: Login Failed | 0x40505600 | 1 | Disallowed |
| IMAP: Password Brute Force | 0x40012e00 | 4 | yes | Reconnaissance | brute-force | IMAP: IMAP Login Failure Detected | 0x41901b00 | 2 | Disallowed |
| POP3: Password Brute Force | 0x40012f00 | 4 | yes | Reconnaissance | brute-force | POP3: POP3 Login Failure Detected | 0x40902c00 | 2 | Disallowed |
| SMTP: VRFY Brute Force | 0x40013000 | 4 | yes | Reconnaissance | brute-force | SMTP: VRFY Command Used | 0x40013100 | 0 | Disallowed |
| SMTP: EXPN Brute Force | 0x40013200 | 4 | yes | Reconnaissance | brute-force | SMTP: EXPN Command Used | 0x40013300 | 0 | Disallowed |
| NETBIOS-NS: NBTSTAT Sweep Activity Detected | 0x40013400 | 6 | yes | Reconnaissance | service-sweep | NETBIOS-NS: NBTSTAT Scan | 0x40013500 | 1 | Disallowed |
| NETBIOS-SS: Virus/Worm File Share Spread | 0x40013600 | 4 | yes | Reconnaissance | service-sweep | NETBIOS-SS: Copy Executable File Attempt | 0x40706500 | 3 | Disallowed |
| ORACLE: Brute Force Logon | 0x40014200 | 4 | yes | Reconnaissance | brute-force | ORACLE: Oracle Login Failure Detected | 0x40014300 | 2 | Disallowed |
| SSH: SSH Login Bruteforce Detected | 0x40014400 | 4 | yes | Reconnaissance | brute-force | SSH: SSH Login Failure Detected | 0x40014500 | 1 | Disallowed |
| TCP: SYN Packet Fixed Header Options DoS | 0x40014600 | 4 | yes | Reconnaissance | brute-force | TCP: SYN Packet Fixed Options Header | 0x00009b00 | 0 | Disallowed |
| WORM: W32/Conficker.C Activity Detected | 0x40014700 | 4 | yes | Reconnaissance | service-sweep | P2P: Suspicious UDP Probe | 0x45d08f00 | 5 | Disallowed |
| TCP: RST Resource Exhaustion DoS | 0x40014800 | 4 | yes | Reconnaissance | brute-force | TCP: RST Socket Exhaustion Dos | 0x00009c00 | 5 | Disallowed |
| P2P: KaZaA Client Sweep Activity Detected | 0x40015000 | 4 | no | Reconnaissance | service-sweep | P2P: KaZaA Client Connecting to Server | 0x40015100 | 5 | Allowed |
| ICMP: Nachi Worm Host Sweep | 0x40015400 | 4 | no | Reconnaissance | host-sweep | ICMP: Nachi-like Ping | 0x40015500 | 6 | Allowed |
| P2P: Share Sweep Traffic Detected | 0x40015a00 | 4 | yes | Reconnaissance | service-sweep | P2P: Share-like Traffic Detected | 0x40015b00 | 5 | Disallowed |
| P2P: Peer-to-peer Distributed File Download Obfuscated-Traffic Detected | 0x40015c00 | 4 | yes | Reconnaissance | service-sweep | P2P: Unknown Long-lasting Obfuscated Binary Response Data-Stream Transfer Detected | 0x40015d00 | 5 | Disallowed |
| BOT: W32/Nuwar@MM Client Sweep Activity Detected | 0x40016200 | 6 | yes | Reconnaissance | service-sweep | BOT: W32/Nuwar@MM Encrypted Traffic | 0x40016300 | 7 | Disallowed |
| SMTP: High Level of SMTP Activity | 0x40016700 | 1 | no | Reconnaissance | service-sweep | SMTP: RCPT TO Command Used | 0x40405800 | 0 | Allowed |
| PCANYWHERE: Client Sweep Activity Detected | 0x40016e00 | 4 | yes | Reconnaissance | service-sweep | PCANYWHERE: Client Scan Activity Detected | 0x43b00200 | 1 | Disallowed |
| BOT: Spam-mailbot Communication Detected | 0x40017200 | 5 | no | Reconnaissance | service-sweep | BOT: Spam-mailbot Activity Detected | 0x45d06100 | 5 | Allowed |
| DNS: Generic DNS Spoofing Attempt | 0x40017300 | 5 | yes | Reconnaissance | brute-force | DNS: Generic Spoofing Activity | 0x40303400 | 5 | Disallowed |
| DNS: Server Response Validation Vulnerability | 0x40017600 | 5 | yes | Reconnaissance | brute-force | DNS: Microsoft DNS Server Response Validation Vulnerability II | 0x40303b00 | 5 | Disallowed |
| TCP: Small Window DoS | 0x40019100 | 5 | yes | Reconnaissance | brute-force | TCP: Small Window Flow Detected | 0x00009d00 | 1 | Disallowed |
| Kerberos: Kerberos Login Bruteforce Detected | 0x40019800 | 4 | yes | Reconnaissance | brute-force | KERBEROS: Kerberos Authentication Error Detected | 0x43001a00 | 4 | Disallowed |
| NETBIOS-SS: Microsoft Windows SMB NTLM Authentication Lack of Entropy Vulnerability | 0x40019a00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth | 0x4070b900 | 0 | Disallowed |
| NETBIOS-SS: Microsoft Windows SMB Memory Corruption Vulnerability | 0x40019b00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: SMB Negotiate | 0x4070bc00 | 0 | Disallowed |
| DNS: Too Many Type A Query Response Errors Found | 0x40019c00 | 4 | yes | Reconnaissance | brute-force | DNS: Standard Query Type A Response Error Found | 0x40304000 | 0 | Disallowed |
| DNS: Too Many Type MX Query Response Errors Found | 0x40019d00 | 4 | yes | Reconnaissance | brute-force | DNS: Standard Query Type MX Response Error Found | 0x40304100 | 0 | Disallowed |
| SMTP: Multiple Emails sent without Authentication | 0x40019e00 | 5 | no | Reconnaissance | service-sweep | SMTP: Email sent without Authentication | 0x4040ec00 | 0 | Allowed |
| BOT: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x40019f00 | 5 | no | Reconnaissance | service-sweep | SMTP: Server Rejection due to Blacklist | 0x4040ea00 | 0 | Allowed |
| BOT: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x4001a000 | 5 | no | Reconnaissance | service-sweep | SMTP: Unexpected Server Rejection | 0x4040eb00 | 0 | Allowed |
| SIP: SIP Bruteforce Attack Detected-I | 0x4001a100 | 4 | yes | Reconnaissance | brute-force | SIP: Unauthorized Access Attempt | 0x43801100 | 0 | Disallowed |
| SIP: SIP Bruteforce Attack Detected-II | 0x4001a200 | 4 | yes | Reconnaissance | brute-force | SIP: Server Authentication failure | 0x43801200 | 0 | Disallowed |
| HTTP: Possible HTTP Brute Force Attack Against ASP.NET Pages | 0x4001b000 | 4 | yes | Reconnaissance | brute-force | HTTP: HTTP ASP Page Internal Error | 0x40294800 | 5 | Disallowed |
| HTTP: Possible HTTP LOIC Denial-of-Service Attack Detected | 0x4001c000 | 4 | yes | Reconnaissance | brute-force | HTTP: Possible Non-Standard HTTP Traffic Detected | 0x40296500 | 0 | Disallowed |
| HTTP: Possible HTTP GET LOIC Denial-of-Service Attack Detected | 0x4001d000 | 4 | yes | Reconnaissance | brute-force | HTTP: Possible LOIC Get Request Detected | 0x40299d00 | 0 | Disallowed |
| HTTP: Possible SSL Denial-of-Service Attack Detected | 0x4001e000 | 4 | no | Reconnaissance | brute-force | SSL: Invalid SSL Flow Detected | 0x45c02300 | 0 | Disallowed |
| HTTP: HTTP Login Bruteforce Detected | 0x40256b00 | 4 | yes | Reconnaissance | brute-force | HTTP: HTTP Authentication Failure | 0x40256a00 | 5 | Disallowed |
| HTTP: Possible HTTP DoS Attack with Invalid HTML Page Access | 0x40280300 | 4 | yes | Reconnaissance | brute-force | HTTP: HTTP HTML Page Not Found | 0x40280200 | 5 | Disallowed |
| NETBIOS-SS: SMB Bruteforce Attempt | 0x4070ac00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: SMB Logon Failed | 0x4070ab00 | 1 | Disallowed |
| PGM: Large Volume of Small Data Fragments | 0x45d06800 | 2 | yes | Reconnaissance | brute-force | PGM: Small Data Fragment | 0x45d06700 | 1 | Disallowed |
| ORACLE: Oracle SID Login Bruteforce Detected | 0x46c06d00 | 4 | yes | Reconnaissance | brute-force | ORACLE: ORACLE TNS CONNECT_DATA and SID Request Detected | 0x46c06c00 | 0 | Disallowed |
| MySQL: Password Brute Force | 0x47101400 | 4 | yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Disallowed |
| RDP: Terminal Service Denial of service | 0x4001f000 | 5 | yes | Reconnaissance | brute-force | RDP: RST Packet Detected | 0x00011900 | 5 | Disallowed |
| HTTP: Possible Anonymous OpMegaUpload DoS | 0x4001b100 | 5 | yes | Reconnaissance | brute-force | HTTP: Anonymous OpMegaUpload Detected | 0x402b8400 | 5 | Disallowed |
| NETBIOS-SS: Non Admin Access in NTLMSSP Auth II Denial of Service | 0x40020300 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth II | 0x43c03a00 | 4 | Disallowed |
| FTP: VSFTPD Connection Handling DOS | 0x4050df00 | 4 | yes | Reconnaissance | brute-force | FTP: VsFTPd Banner | 0x4050de00 | 0 | Disallowed |
| NTP: NTP Amplification DoS | 0x41b00800 | 4 | yes | Reconnaissance | brute-force | NTP: NTP Amplification Attacks | 0x41b00700 | 5 | Disallowed |
| SSL: Too Many HTTPS Requests | 0x45c03600 | 4 | yes | Reconnaissance | brute-force | SSL: Client HTTPS Request | 0x45c03500 | 0 | Disallowed |
| Digium: Digium Asterik Heap Buffer Overflow | 0x45d21600 | 4 | yes | Reconnaissance | brute-force | Digium: Asterisk Heap Buffer Overflow Skinny Channel Driver Remote Code Execution | 0x45d1ee00 | 5 | Disallowed |
| ORACLE: Database Server TNS Listener Poison DoS Attack Detected | 0x46c08200 | 4 | yes | Reconnaissance | brute-force | ORACLE: Database Server TNS Listener Poison Attack Remote Code Execution | 0x46c08100 | 7 | Disallowed |
| MySQL: MariaDB memcmp Function Security Bypass Vulnerability | 0x47101900 | 4 | yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Allowed |
| BOT: Muieblackcat Activity Detected | 0x43f00e00 | 5 | yes | Reconnaissance | Multi-Attack Known Bot | BOT: Muieblackcat Traffic Detected I, BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected | 0x48810600, 0x48810700 | 4, 4 | Disallowed (for both) |
| ICMP: Possible Attack To Exploit BlackNurse Vulnerability II | 0x40102c00 | 4 | yes | Reconnaissance | brute-force | ICMP: Port Unreachable Packet Seen II | 0x40102b00 | 3 | Disallowed |
| ICMP: Possible Attack to exploit BlackNurse vulnerability | 0x40102a00 | 4 | yes | Reconnaissance | brute-force | ICMP: Port Unreachable Packet Seen | 0x40102900 | 3 | Disallowed |
| BOT: Cerber Ransomware Activity Detected | 0x48812000 | 6 | yes | Reconnaissance | host-sweep | BOT: Cerber Ransomware Traffic Detected | 0x48811f00 | 5 | Disallowed |
| HTTP: Possible Wordpress brute force login detected | 0x43f01200 | 6 | yes | Reconnaissance | brute-force | HTTP: WordPress login seen | 0x451d0a00 | 0 | Disallowed |
| HTTP: Wordpress User enumeration wpscan | 0x43f01100 | 6 | yes | Reconnaissance | fingerprinting | HTTP: WordPress user enumeration | 0x451d0800 | 0 | Disallowed |
Related Information
For information on how to configure component attacks in Network Security Manager 8.3 to detect correlation attacks, see KB89026.
Disclaimer
The content of this article originated in English. Where the English text and its translation differ, the English text prevails. Some content was produced by machine translation performed by Microsoft.