Network Security Platform Correlated Attacks
Technical Article ID:
KB60305
Last Modified: 2021-06-11 14:51:52 Etc/GMT
Environment
McAfee Network Security Manager (NSM)
McAfee Network Security Sensor
Summary
| (Correlated) Attack Name | (Correlated) Attack ID | (Correlated) Attack Severity | Suppress Fault | (Correlated) Attack Category | (Correlated) Attack Subcategory | (Component) Attack Name | (Component) Attack ID | (Component) Attack Severity | (Component) Attack Blockable Option in NSM 6.1 and Later |
|---|---|---|---|---|---|---|---|---|---|
| SMTP: Possible Brute Force Attack Detected | 0x40416c00 | 6 | Yes | Reconnaissance | Brute Force | SMTP: Authentication Failure Seen | 0x40416b00 | 0 | Not Allowed |
| SSL: Possible OpenSSL Denial of Service via memory exhaustion (CVE-2016-6304) | 0x43f01000 | 5 | Yes | Reconnaissance | Multi-Attack Correlation | SSL: OCSP extension enabled in client hello, OpenSSL: Handshake packet seen | 0x45c08e00, 0x45d39e00 | 0 | Not Allowed |
| SSL: OpenSSL Memory Exhaustion DOS Vulnerability | 0x4001ab00 | 4 | Yes | Reconnaissance | Brute Force | SSL: OpenSSL Memory Leak Vulnerability (CVE-2009-1378) | 0x45c08c00 | 1 | Not Allowed |
| Botnet: DGA Heuristic Detection of Botnet Zombie | 0x43f00d00 | 7 | No | Reconnaissance | Multi-Attack Correlation | Botnet: DNS Name Lookup Failure Matching DGA Heuristics | 0x4880db00 | 9 | Not Allowed |
| ICMP: Timestamp Request Host Sweep | 0x40000200 | 4 | No | Reconnaissance | Host Sweep | ICMP: Timestamp Probe | 0x40100300 | 3 | Allowed |
| TCP: FIN Port Scan | 0x40009800 | 4 | No | Reconnaissance | Port Scan | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: NULL Port Scan | 0x4000a000 | 4 | No | Reconnaissance | Port Scan | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: XMAS Port Scan | 0x4000a100 | 4 | No | Reconnaissance | Port Scan | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: FIN Host Sweep | 0x4000a900 | 4 | No | Reconnaissance | Host Sweep | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: NULL Host Sweep | 0x4000aa00 | 4 | No | Reconnaissance | Host Sweep | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: XMAS Host Sweep | 0x4000ab00 | 4 | No | Reconnaissance | Host Sweep | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: Fingerprinting NMAP | 0x4000b300 | 4 | No | Reconnaissance | Fingerprinting | SCAN: NULL Probe, NMAP: XMAS Probe, NMAP: XMAS with SYN Probe | 0x4000bd00, 0x4000b900, 0x4000ba00 | 3, 5, 5 | Allowed |
| TCP: Fingerprinting Queso | 0x4000b400 | 4 | No | Reconnaissance | Fingerprinting | TCP: Illegal FIN Probe, SCAN: SYN FIN Based Probes, TCP: Bare Push Probe | 0x40011300, 0x4000ec00, 0x4000bc00 | 2, 3, 5 | Allowed |
| ICMP: Netmask Request Host Sweep | 0x40011d00 | 4 | No | Reconnaissance | Host Sweep | ICMP: Netmask Request | 0x40011600 | 3 | Allowed |
| TELNET: Password Brute Force | 0x40012700 | 4 | Yes | Reconnaissance | Brute Force | TELNET: Telnet Login Failure Detected | 0x40601200 | 2 | Not Allowed |
| RLOGIN: Password Brute Force | 0x40012800 | 4 | Yes | Reconnaissance | Brute Force | RLOGIN: Failed Login | 0x40603100 | 2 | Not Allowed |
| RSH: Password Brute Force | 0x40012900 | 4 | Yes | Reconnaissance | Brute Force | RSH: Login Failed | 0x41100100 | 2 | Not Allowed |
| REXEC: Password Brute Force | 0x40012a00 | 4 | Yes | Reconnaissance | Brute Force | REXEC: Login Failed | 0x41101100 | 2 | Not Allowed |
| MSSQL: Password Brute Force | 0x40012b00 | 4 | Yes | Reconnaissance | Brute Force | MSSQL: User Login Failed | 0x41a00a00 | 2 | Not Allowed |
| RADIUS: Authentication Brute Force | 0x40012c00 | 4 | Yes | Reconnaissance | Brute Force | RADIUS: Access Denied | 0x41c00400 | 1 | Not Allowed |
| FTP: Login Brute Force | 0x40012d00 | 4 | Yes | Reconnaissance | Brute Force | FTP: Login Failed | 0x40505600 | 1 | Not Allowed |
| IMAP: Password Brute Force | 0x40012e00 | 4 | Yes | Reconnaissance | Brute Force | IMAP: IMAP Login Failure Detected | 0x41901b00 | 2 | Not Allowed |
| POP3: Password Brute Force | 0x40012f00 | 4 | Yes | Reconnaissance | Brute Force | POP3: POP3 Login Failure Detected | 0x40902c00 | 2 | Not Allowed |
| SMTP: VRFY Brute Force | 0x40013000 | 4 | Yes | Reconnaissance | Brute Force | SMTP: VRFY Command Used | 0x40013100 | 0 | Not Allowed |
| SMTP: EXPN Brute Force | 0x40013200 | 4 | Yes | Reconnaissance | Brute Force | SMTP: EXPN Command Used | 0x40013300 | 0 | Not Allowed |
| NETBIOS-NS: NBTSTAT Sweep Activity Detected | 0x40013400 | 6 | Yes | Reconnaissance | Service Sweep | NETBIOS-NS: NBTSTAT Scan | 0x40013500 | 1 | Not Allowed |
| NETBIOS-SS: Virus/Worm File Share Spread | 0x40013600 | 4 | Yes | Reconnaissance | Service Sweep | NETBIOS-SS: Copy Executable File Attempt | 0x40706500 | 3 | Not Allowed |
| ORACLE: Brute Force Logon | 0x40014200 | 4 | Yes | Reconnaissance | Brute Force | ORACLE: Oracle Login Failure Detected | 0x40014300 | 2 | Not Allowed |
| SSH: SSH Login Bruteforce Detected | 0x40014400 | 4 | Yes | Reconnaissance | Brute Force | SSH: SSH Login Failure Detected | 0x40014500 | 1 | Not Allowed |
| TCP: SYN Packet Fixed Header Options DoS | 0x40014600 | 4 | Yes | Reconnaissance | Brute Force | TCP: SYN Packet Fixed Options Header | 0x00009b00 | 0 | Not Allowed |
| WORM: W32/Conficker.C Activity Detected | 0x40014700 | 4 | Yes | Reconnaissance | Service Sweep | P2P: Suspicious UDP Probe | 0x45d08f00 | 5 | Not Allowed |
| TCP: RST Resource Exhaustion DoS | 0x40014800 | 4 | Yes | Reconnaissance | Brute Force | TCP: RST Socket Exhaustion Dos | 0x00009c00 | 5 | Not Allowed |
| P2P: KaZaA Client Sweep Activity Detected | 0x40015000 | 4 | No | Reconnaissance | Service Sweep | P2P: KaZaA Client Connecting to Server | 0x40015100 | 5 | Allowed |
| ICMP: Nachi Worm Host Sweep | 0x40015400 | 4 | No | Reconnaissance | Host Sweep | ICMP: Nachi-like Ping | 0x40015500 | 6 | Allowed |
| P2P: Share Sweep Traffic Detected | 0x40015a00 | 4 | Yes | Reconnaissance | Service Sweep | P2P: Share-like Traffic Detected | 0x40015b00 | 5 | Not Allowed |
| P2P: Peer-to-peer Distributed File Download Obfuscated-Traffic Detected | 0x40015c00 | 4 | Yes | Reconnaissance | Service Sweep | P2P: Unknown Long-lasting Obfuscated Binary Response Data-Stream Transfer Detected | 0x40015d00 | 5 | Not Allowed |
| BOT: W32/Nuwar@MM Client Sweep Activity Detected | 0x40016200 | 6 | Yes | Reconnaissance | Service Sweep | BOT: W32/Nuwar@MM Encrypted Traffic | 0x40016300 | 7 | Not Allowed |
| SMTP: High Level of SMTP Activity | 0x40016700 | 1 | No | Reconnaissance | Service Sweep | SMTP: RCPT TO Command Used | 0x40405800 | 0 | Allowed |
| PCANYWHERE: Client Sweep Activity Detected | 0x40016e00 | 4 | Yes | Reconnaissance | Service Sweep | PCANYWHERE: Client Scan Activity Detected | 0x43b00200 | 1 | Not Allowed |
| BOT: Spam-mailbot Communication Detected | 0x40017200 | 5 | No | Reconnaissance | Service Sweep | BOT: Spam-mailbot Activity Detected | 0x45d06100 | 5 | Allowed |
| DNS: Generic DNS Spoofing Attempt | 0x40017300 | 5 | Yes | Reconnaissance | Brute Force | DNS: Generic Spoofing Activity | 0x40303400 | 5 | Not Allowed |
| DNS: Server Response Validation Vulnerability | 0x40017600 | 5 | Yes | Reconnaissance | Brute Force | DNS: Microsoft DNS Server Response Validation Vulnerability II | 0x40303b00 | 5 | Not Allowed |
| TCP: Small Window DoS | 0x40019100 | 5 | Yes | Reconnaissance | Brute Force | TCP: Small Window Flow Detected | 0x00009d00 | 1 | Not Allowed |
| Kerberos: Kerberos Login Bruteforce Detected | 0x40019800 | 4 | Yes | Reconnaissance | Brute Force | KERBEROS: Kerberos Authentication Error Detected | 0x43001a00 | 4 | Not Allowed |
| NETBIOS-SS: Microsoft Windows SMB NTLM Authentication Lack of Entropy Vulnerability | 0x40019a00 | 4 | Yes | Reconnaissance | Brute Force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth | 0x4070b900 | 0 | Not Allowed |
| NETBIOS-SS: Microsoft Windows SMB Memory Corruption Vulnerability | 0x40019b00 | 4 | Yes | Reconnaissance | Brute Force | NETBIOS-SS: SMB Negotiate | 0x4070bc00 | 0 | Not Allowed |
| DNS: Too Many Type A Query Response Errors Found | 0x40019c00 | 4 | Yes | Reconnaissance | Brute Force | DNS: Standard Query Type A Response Error Found | 0x40304000 | 0 | Not Allowed |
| DNS: Too Many Type MX Query Response Errors Found | 0x40019d00 | 4 | Yes | Reconnaissance | Brute Force | DNS: Standard Query Type MX Response Error Found | 0x40304100 | 0 | Not Allowed |
| SMTP: Multiple Emails sent without Authentication | 0x40019e00 | 5 | No | Reconnaissance | Service Sweep | SMTP: Email sent without Authentication | 0x4040ec00 | 0 | Allowed |
| BOT: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x40019f00 | 5 | No | Reconnaissance | Service Sweep | SMTP: Server Rejection due to Blacklist | 0x4040ea00 | 0 | Allowed |
| BOT: Potential Bot Activity -Multiple Resets from SMTP receiver | 0x4001a000 | 5 | No | Reconnaissance | Service Sweep | SMTP: Unexpected Server Rejection | 0x4040eb00 | 0 | Allowed |
| SIP: SIP Bruteforce Attack Detected-I | 0x4001a100 | 4 | Yes | Reconnaissance | Brute Force | SIP: Unauthorized Access Attempt | 0x43801100 | 0 | Not Allowed |
| SIP: SIP Bruteforce Attack Detected-II | 0x4001a200 | 4 | Yes | Reconnaissance | Brute Force | SIP: Server Authentication failure | 0x43801200 | 0 | Not Allowed |
| HTTP: Possible HTTP Brute Force Attack Against ASP.NET Pages | 0x4001b000 | 4 | Yes | Reconnaissance | Brute Force | HTTP: HTTP ASP Page Internal Error | 0x40294800 | 5 | Not Allowed |
| HTTP: Possible HTTP LOIC Denial-of-Service Attack Detected | 0x4001c000 | 4 | Yes | Reconnaissance | Brute Force | HTTP: Possible Non-Standard HTTP Traffic Detected | 0x40296500 | 0 | Not Allowed |
| HTTP: Possible HTTP GET LOIC Denial-of-Service Attack Detected | 0x4001d000 | 4 | Yes | Reconnaissance | Brute Force | HTTP: Possible LOIC Get Request Detected | 0x40299d00 | 0 | Not Allowed |
| HTTP: Possible SSL Denial-of-Service Attack Detected | 0x4001e000 | 4 | No | Reconnaissance | Brute Force | SSL: Invalid SSL Flow Detected | 0x45c02300 | 0 | Not Allowed |
| HTTP: HTTP Login Bruteforce Detected | 0x40256b00 | 4 | Yes | Reconnaissance | Brute Force | HTTP: HTTP Authentication Failure | 0x40256a00 | 5 | Not Allowed |
| HTTP: Possible HTTP DoS Attack with Invalid HTML Page Access | 0x40280300 | 4 | Yes | Reconnaissance | Brute Force | HTTP: HTTP HTML Page Not Found | 0x40280200 | 5 | Not Allowed |
| NETBIOS-SS: SMB Bruteforce Attempt | 0x4070ac00 | 4 | Yes | Reconnaissance | Brute Force | NETBIOS-SS: SMB Logon Failed | 0x4070ab00 | 1 | Not Allowed |
| PGM: Large Volume of Small Data Fragments | 0x45d06800 | 2 | Yes | Reconnaissance | Brute Force | PGM: Small Data Fragment | 0x45d06700 | 1 | Not Allowed |
| ORACLE: Oracle SID Login Bruteforce Detected | 0x46c06d00 | 4 | Yes | Reconnaissance | Brute Force | ORACLE: ORACLE TNS CONNECT_DATA and SID Request Detected | 0x46c06c00 | 0 | Not Allowed |
| MySQL: Password Brute Force | 0x47101400 | 4 | Yes | Reconnaissance | Brute Force | MySQL: Login Failed | 0x47100100 | 3 | Not Allowed |
| RDP: Terminal Service Denial of service | 0x4001f000 | 5 | Yes | Reconnaissance | Brute Force | RDP: RST Packet Detected | 0x00011900 | 5 | Not Allowed |
| HTTP: Possible Anonymous OpMegaUpload DoS | 0x4001b100 | 5 | Yes | Reconnaissance | Brute Force | HTTP: Anonymous OpMegaUpload Detected | 0x402b8400 | 5 | Not Allowed |
| NETBIOS-SS: Non Admin Access in NTLMSSP Auth II Denial of Service | 0x40020300 | 4 | Yes | Reconnaissance | Brute Force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth II | 0x43c03a00 | 4 | Not Allowed |
| FTP: VSFTPD Connection Handling DOS | 0x4050df00 | 4 | Yes | Reconnaissance | Brute Force | FTP: VsFTPd Banner | 0x4050de00 | 0 | Not Allowed |
| NTP: NTP Amplification DoS | 0x41b00800 | 4 | Yes | Reconnaissance | Brute Force | NTP: NTP Amplification Attacks | 0x41b00700 | 5 | Not Allowed |
| SSL: Too Many HTTPS Requests | 0x45c03600 | 4 | Yes | Reconnaissance | Brute Force | SSL: Client HTTPS Request | 0x45c03500 | 0 | Not Allowed |
| Digium: Digium Asterik Heap Buffer Overflow | 0x45d21600 | 4 | Yes | Reconnaissance | Brute Force | Digium: Asterisk Heap Buffer Overflow Skinny Channel Driver Remote Code Execution | 0x45d1ee00 | 5 | Not Allowed |
| ORACLE: Database Server TNS Listener Poison DoS Attack Detected | 0x46c08200 | 4 | Yes | Reconnaissance | Brute Force | ORACLE: Database Server TNS Listener Poison Attack Remote Code Execution | 0x46c08100 | 7 | Not Allowed |
| MySQL: MariaDB memcmp Function Security Bypass Vulnerability | 0x47101900 | 4 | Yes | Reconnaissance | Brute Force | MySQL: Login Failed | 0x47100100 | 3 | Allowed |
| BOT: Muieblackcat Activity Detected | 0x43f00e00 | 5 | Yes | Reconnaissance | Multi-Attack Known Bot | BOT: Muieblackcat Traffic Detected I, BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected | 0x48810600, 0x48810700 | 4, 4 | Not Allowed (for both) |
| ICMP: Possible Attack To Exploit BlackNurse Vulnerability II | 0x40102c00 | 4 | Yes | Reconnaissance | Brute Force | ICMP: Port Unreachable Packet Seen II | 0x40102b00 | 3 | Not Allowed |
| ICMP: Possible Attack to exploit BlackNurse vulnerability | 0x40102a00 | 4 | Yes | Reconnaissance | Brute Force | ICMP: Port Unreachable Packet Seen | 0x40102900 | 3 | Not Allowed |
| BOT: Cerber Ransomware Activity Detected | 0x48812000 | 6 | Yes | Reconnaissance | Host Sweep | BOT: Cerber Ransomware Traffic Detected | 0x48811f00 | 5 | Not Allowed |
| HTTP: Possible Wordpress brute force login detected | 0x43f01200 | 6 | Yes | Reconnaissance | Brute Force | HTTP: WordPress login seen | 0x451d0a00 | 0 | Not Allowed |
| HTTP: Wordpress User enumeration wpscan | 0x43f01100 | 6 | Yes | Reconnaissance | Fingerprinting | HTTP: WordPress user enumeration | 0x451d0800 | 0 | Not Allowed |
Related Information
For information about how to configure component attacks to detect correlated attacks in Network Security Manager 8.3, see KB89026.
Disclaimer
The content of this article originated in English. If there are differences between the English content and its translation, the English content is always authoritative. Some of the content of this article was translated using Microsoft machine translation technology.