Trellix IPS attacks for which packet logs can't be collected
Technical Articles ID: KB56050
Last Modified: 2024-01-23 10:49:03 Etc/GMT
Environment
Trellix Intrusion Prevention System (Trellix IPS)
Summary
Recent updates to this article
Date | Update |
January 23, 2024 | Removed the category tags for End of Life product versions. |
Problem
Trellix IPS attacks are set to collect or capture packet logs, but no packet logs are available.
Solution
Because of the way some attacks are detected, the Sensor doesn't collect a corresponding packet log, even if it's enabled to do so.
The following is a list of attacks where a packet log isn't collected, even if it's enabled.
Name | NSP | Attack Category | Response | Capture Packets |
BOT Heuristic: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x43f00900 | Reconnaissance Correlation Attack | --- | --- |
BOT Heuristic: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x43f00800 | Reconnaissance Correlation Attack | --- | --- |
Heuristic DNS: Too Many Type A Query Response Errors Found | 0x43f00700 | Reconnaissance Correlation Attack | --- | --- |
Heuristic DNS: Too Many Type MX Query Response Errors Found | 0x43f00a00 | Reconnaissance Correlation Attack | --- | --- |
Heuristic SMTP: Multiple Emails sent without Authentication | 0x43f00b00 | Reconnaissance Correlation Attack | --- | --- |
ICMP: Host Sweep | 0x40009900 | Reconnaissance Correlation Attack | --- | --- |
ICMP: | 0x40015400 | Reconnaissance Correlation Attack | --- | --- |
ICMP: Netmask Request Host Sweep | 0x40011d00 | Reconnaissance Correlation Attack | --- | --- |
ICMP: Timestamp Request Host Sweep | 0x40000200 | Reconnaissance Correlation Attack | --- | --- |
Inbound Link Utilization (Bytes/Sec) Too High | 0x40009300 | DOS Threshold Attack | --- | --- |
Outbound Link Utilization (Bytes/Sec) Too High | 0x40018900 | DOS Threshold Attack | --- | --- |
TCP: ACK Host Sweep | 0x40009c00 | Reconnaissance Correlation Attack | --- | --- |
TCP: ACK Port Scan | 0x40009600 | Reconnaissance Correlation Attack | --- | --- |
TCP: FIN Host Sweep | 0x4000a900 | Reconnaissance Correlation Attack | --- | --- |
TCP: FIN Port Scan | 0x40009800 | Reconnaissance Correlation Attack | --- | --- |
TCP: Fingerprinting NMAP | 0x4000b300 | Reconnaissance Correlation Attack | --- | --- |
TCP: Fingerprinting | 0x4000b400 | Reconnaissance Correlation Attack | --- | --- |
TCP: Full-Connect Host Sweep | 0x40009a00 | Reconnaissance Correlation Attack | --- | --- |
TCP: Full-Connect Port Scan | 0x40009400 | Reconnaissance Correlation Attack | --- | --- |
TCP: NULL Host Sweep | 0x4000aa00 | Reconnaissance Correlation Attack | --- | --- |
TCP: NULL Port Scan | 0x4000a000 | Reconnaissance Correlation Attack | --- | --- |
TCP: RST Resource Exhaustion DoS | 0x40014800 | Reconnaissance Correlation Attack | --- | --- |
TCP: Small Window DoS | 0x40019100 | Reconnaissance Correlation Attack | --- | --- |
TCP: SYN Host Sweep | 0x40009b00 | Reconnaissance Correlation Attack | --- | --- |
TCP: SYN Packet Fixed Header Options DoS | 0x40014600 | Reconnaissance Correlation Attack | --- | --- |
TCP: SYN Port Scan | 0x40009500 | Reconnaissance Correlation Attack | --- | --- |
TCP: XMAS Host Sweep | 0x4000ab00 | Reconnaissance Correlation Attack | --- | --- |
TCP: XMAS Port Scan | 0x4000a100 | Reconnaissance Correlation Attack | --- | --- |
Too Many Inbound ICMP Packets | 0x40008e00 | DOS Threshold Attack | --- | --- |
Too Many Inbound IP Fragments | 0x4000b500 | DOS Threshold Attack | --- | --- |
Too Many Inbound Large ICMP packets | 0x40008f00 | DOS Threshold Attack | --- | --- |
Too Many Inbound Large UDP packets | 0x40009100 | DOS Threshold Attack | --- | --- |
Too Many Inbound Rejected TCP Packets | 0x40009200 | DOS Threshold Attack | --- | --- |
Too Many Inbound TCP Connections | 0x40008d00 | DOS Threshold Attack | --- | --- |
Too Many Inbound TCP SYNs | 0x40008c00 | DOS Threshold Attack | --- | --- |
Too Many Outbound ICMP Packets | 0x40018300 | DOS Threshold Attack | --- | --- |
Too Many Outbound IP Fragments | 0x40018800 | DOS Threshold Attack | --- | --- |
Too Many Outbound Large ICMP packets | 0x40018400 | DOS Threshold Attack | --- | --- |
Too Many Outbound Large UDP packets | 0x40018600 | DOS Threshold Attack | --- | --- |
Too Many Outbound Rejected TCP Packets | 0x40018700 | DOS Threshold Attack | --- | --- |
Too Many Outbound TCP Connections | 0x40018200 | DOS Threshold Attack | --- | --- |
Too Many Outbound TCP SYNS | 0x40018100 | DOS Threshold Attack | --- | --- |
Too Many Outbound UDP Packets | 0x40018500 | DOS Threshold Attack | --- | --- |
UDP: Host Sweep | 0x40017000 | Reconnaissance Correlation Attack | --- | --- |
UDP: Port Scan | 0x40009700 | Reconnaissance Correlation Attack | --- | --- |
UDP: Too Many Inbound UDP Packets | 0x40009000 | DOS Threshold Attack | --- | --- |
BOT: | 0x48812000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: | 0x43f00e00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Possible Blackhole Activity Detected | 0x43f00c00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Potential Bot Activity -Multiple Resets from SMTP receiver | 0x4001a000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Potential Bot Detected - High Confidence Heuristics Correlation | 0x43f00300 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Potential Bot Detected - Low Confidence Heuristics Correlation | 0x43f00600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Potential Bot Detected - Medium Confidence Heuristics Correlation | 0x43f00200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x40019f00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: Spam-mailbot Communication Detected | 0x40017200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: | 0x43f00100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: W32/Nuwar@MM Client Sweep Activity Detected | 0x40016200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
BOT: ZeroAccess CnC Activity Detected | 0x48812800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
Botnet: DGA Heuristic Detection of Botnet Zombie | 0x43f00d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DCERPC: Abnormal Flow Termination | 0x47600700 | Exploit | Send Alert to Manager | --- |
| 0x45d21600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Generic DNS Spoofing Attempt | 0x40017300 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: ISC BIND Referral CNAME and DNAME Assertion Failure DoS (CVE-2017-3137) | 0x43f01300 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: ISC BIND RPZ Rule Processing Denial of Service Vulnerability (CVE-2017-3140) | 0x4030c500 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt | 0x40308600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt II | 0x40308800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt III | 0x40309300 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt IV | 0x40308d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt V | 0x40309400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt VI | 0x40309500 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Possible DNS Tunneling Attempt VIII | 0x4030bd00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Potential DNS Tunneling - Many NULL Type DNS Queries | 0x40308400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Server Response Validation Vulnerability | 0x40017600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Squid Proxy DNS Response Spoofing Detected | 0x40308200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Too Many Type A Query Response Errors Found | 0x40019c00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Too Many Type MX Query Response Errors Found | 0x40019d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DNS: Too Many Type NS Query Attack Detected | 0x40306d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DoS: Firewall Violation on Sensor Management Port | 0x40018b00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
DoS: Sensor Management Port | 0x00006b00 | Exploit | Send Alert to Manager | --- |
FINGER: ZKFingerd Format String Vulnerability | 0x41301100 | Exploit | Send Alert to Manager | --- |
FTP: Login Brute Force | 0x40012d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
FTP: VSFTPD Connection Handling DOS | 0x4050df00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Drupal Xmlrpc.php DOS Attack Detected | 0x451d7600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: HTTP Login | 0x40256b00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Hydra Tool Brute Force Attack | 0x451d5b00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Network Weather Map persistent XSS vulnerability (CVE-2013-2618) | 0x43f01600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: PHP Multipart Form-Data Request Parsing DoS | 0x4516cc00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible Anonymous OpMegaUpload DoS | 0x4001b100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible HTTP Brute Force Attack Against ASP.NET Pages | 0x4001b000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible HTTP DoS Attack with Invalid HTML Page Access | 0x40280300 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible HTTP GET LOIC Denial-of-Service Attack Detected | 0x4001d000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible HTTP KeepAlive DoS Detected | 0x451db400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible HTTP LOIC Denial-of-Service Attack Detected | 0x4001c000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible Login | 0x451db200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible SSL Denial-of-Service Attack Detected | 0x4001e000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: Possible | 0x43f01200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: | 0x43f01100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
HTTP: WPScan Tool Brute Force Attack | 0x451d6000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ICMP: ICMP Redirect | 0x40100b00 | Policy Violation | Send Alert to Manager | --- |
ICMP: Loki2 Tunnel Detected II | 0x40102d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ICMP: Possible attack to exploit BlackNurse vulnerability | 0x40102a00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ICMP: Possible Attack To Exploit BlackNurse Vulnerability II | 0x40102c00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ICMP: Router Advertisement | 0x40100700 | Policy Violation | Send Alert to Manager | --- |
ICMP: Source Quench Option Set | 0x00001000 | Exploit | Send Alert to Manager | --- |
ICMP_ECHO Anomaly | 0x40008800 | DOS Learning Attack | Send Alert to Manager | --- |
ICMPv6: ICMPv6 In IPv4 | 0x48a00800 | Policy Violation | Send Alert to Manager | --- |
ICMPv6: Redirect Message | 0x48a00400 | Policy Violation | Send Alert to Manager | --- |
IMAP: Password Brute Force | 0x40012e00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
Inbound ICMP Echo Request or Reply Volume Too High | 0x40013800 | DOS Learning Attack | Send Alert to Manager | --- |
Inbound ICMP Packet Volume Too High | 0x40008b00 | DOS Learning Attack | Send Alert to Manager | --- |
Inbound IP Fragment Volume Too High | 0x4000b600 | DOS Learning Attack | Send Alert to Manager | --- |
Inbound Non-TCP-UDP-ICMP Volume Too High | 0x4000b800 | DOS Learning Attack | Send Alert to Manager | --- |
Inbound TCP OTX Segment Volume Too High | 0x40008900 | DOS Learning Attack | Send Alert to Manager | --- |
Inbound TCP SYN or FIN Volume Too High | 0x4000f100 | DOS Learning Attack | Send Alert to Manager | --- |
Inbound UDP Packet Volume Too High | 0x40008a00 | DOS Learning Attack | Send Alert to Manager | --- |
IP: Abnormally High Number of Small Fragments | 0x00001b00 | Exploit | Send Alert to Manager | --- |
IP: Connection Limiting Rule Match | 0x40020000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
IP: IP Fragment Reassembly Failed | 0x4001a900 | Exploit | Send Alert to Manager | --- |
IP: IP Fragment too Large | 0x00000100 | Exploit | Send Alert to Manager | --- |
IP: Packet has Invalid Address Source/Destination Address | 0x40010700 | Exploit | Send Alert to Manager | --- |
Kerberos: Kerberos Login | 0x40019800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
L7DDoS: Too Many Simultaneous Web Server Connections | 0x40020100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
L7DDoS: URL Request Rate Too High | 0x40020200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
MSSQL: Password Brute Force | 0x40012b00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
MySQL: MariaDB | 0x47101900 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
MySQL: Password Brute Force | 0x47101400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-NS: NBTSTAT Sweep Activity Detected | 0x40013400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-SS: Fragmented DCERPC Packets Detected | 0x4070c800 | Policy Violation | Send Alert to Manager | --- |
NETBIOS-SS: Microsoft Windows SMB Memory Corruption Vulnerability | 0x40019b00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-SS: Microsoft Windows SMB NTLM Authentication Lack of Entropy Vulnerability | 0x40019a00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-SS: Non Admin Access in NTLMSSP Auth II Denial of Service | 0x40020300 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-SS: Potential TCP Segmentation Evasion | 0x4070d100 | Policy Violation | Send Alert to Manager | --- |
NETBIOS-SS: SMB Bruteforce Attempt | 0x4070ac00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-SS: SMBloris attack detected | 0x43c0cc00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NETBIOS-SS: Virus/Worm File Share Spread | 0x40013600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NTP: NTP Amplification DoS | 0x41b00800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ORACLE: Brute Force Logon | 0x40014200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ORACLE: Database Server TNS Listener Poison DoS Attack Detected | 0x46c08200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
ORACLE: Oracle SID Login | 0x46c06d00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
Outbound ICMP Echo Request or Reply Volume Too High | 0x40018000 | DOS Learning Attack | Send Alert to Manager | --- |
Outbound ICMP Packet Volume Too High | 0x40017b00 | DOS Learning Attack | Send Alert to Manager | --- |
Outbound IP Fragment Volume Too High | 0x40017c00 | DOS Learning Attack | Send Alert to Manager | --- |
Outbound Non-TCP-UDP-ICMP Volume Too High | 0x40017e00 | DOS Learning Attack | Send Alert to Manager | --- |
Outbound TCP OTX Segment Volume Too High | 0x40017900 | DOS Learning Attack | Send Alert to Manager | --- |
Outbound TCP SYN or FIN Volume Too High | 0x40017f00 | DOS Learning Attack | Send Alert to Manager | --- |
Outbound UDP Packet Volume Too High | 0x40017a00 | DOS Learning Attack | Send Alert to Manager | --- |
P2P: KaZaA Client Sweep Activity Detected | 0x40015000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
P2P: Peer-to-peer Distributed File Download Obfuscated-Traffic Detected | 0x40015c00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
P2P: Share Sweep Traffic Detected | 0x40015a00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
PCANYWHERE: Client Sweep Activity Detected | 0x40016e00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
PGM: Large Volume of Small Data Fragments | 0x45d06800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
| 0x45d3c900 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
POP3: Password Brute Force | 0x40012f00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
RADIUS: Authentication Brute Force | 0x40012c00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
RDP: Microsoft Windows RDP Server Abnormal Termination | 0x47900000 | Exploit | Send Alert to Manager | --- |
RDP: Terminal Service Denial of service | 0x4001f000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
REXEC: Password Brute Force | 0x40012a00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
RLOGIN: Password Brute Force | 0x40012800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
RSH: Password Brute Force | 0x40012900 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SCAN: Possible CyberCop OS Probe3 | 0x4000e800 | Reconnaissance Signature Attack | Send Alert to Manager | --- |
SENSOR: Attack Marker Resources Exhausted | 0x00001800 | Policy Violation | Send Alert to Manager | --- |
SENSOR: Packet Buffers Running Low | 0x00001100 | Policy Violation | Send Alert to Manager | --- |
SENSOR: PREVDATA Buffers Exhausted | 0x00005600 | Policy Violation | Send Alert to Manager | --- |
SENSOR: PREVDATA-NODES Exhausted | 0x00005400 | Policy Violation | Send Alert to Manager | --- |
SENSOR: Re-assembly Buffer Memory Exhausted | 0x00001400 | Policy Violation | Send Alert to Manager | --- |
SENSOR: Shellcode Detection State Nodes Exhausted | 0x00005800 | Policy Violation | Send Alert to Manager | --- |
SENSOR: TCP/UDP Control Blocks Resources Exhausted | 0x00001600 | Policy Violation | Send Alert to Manager | --- |
SENSOR: TCP/UDP Unfinished Connection Tracking Resources Exhausted | 0x00001d00 | Policy Violation | Send Alert to Manager | --- |
SIP: SIP Bruteforce Attack Detected-I | 0x4001a100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SIP: SIP Bruteforce Attack Detected-II | 0x4001a200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SMTP: EXPN Brute Force | 0x40013200 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SMTP: High Level of SMTP Activity | 0x40016700 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SMTP: Missing Important Command | 0x40405a00 | Exploit | Send Alert to Manager | --- |
SMTP: Multiple Emails sent without Authentication | 0x40019e00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SMTP: Possible Brute Force Attack Detected | 0x40416c00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SMTP: VRFY Brute Force | 0x40013000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SNMP: SNMP Amplification DDoS | 0x40a04100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSH: OpenSSH | 0x45b01e00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSH: SSH Login | 0x40014400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: Connection Recycled | 0x00006200 | Policy Violation | Send Alert to Manager | --- |
SSL: Connections Exhausted | 0x00006300 | Policy Violation | Send Alert to Manager | --- |
SSL: OpenSSL DTLS Buffer Record Function Denial Of Service | 0x45c05f00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: OpenSSL DTLS Hello Message Dos Vulnerability | 0x45c04800 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: OpenSSL DTLS Process Out Of Seq Message Dos | 0x45c05100 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: OpenSSL DTLS SRTP Extension Parsing Denial of Service | 0x45c05900 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: OpenSSL Invalid Session Ticket Denial Of Service | 0x45c05700 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: OpenSSL Memory Exhaustion DOS Vulnerability | 0x4001ab00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: Packet With No Connection | 0x00006100 | Policy Violation | Send Alert to Manager | --- |
SSL: Possible OpenSSL Denial of Service via memory exhaustion (CVE-2016-6304) | 0x43f01000 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: Possible Poodle Attack on SSLv3 Vulnerability Detected | 0x40020400 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: Possible Poodle Attack on TLSv1.x Vulnerability Detected | 0x45c05b00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: Session Allocation Error | 0x00006500 | Policy Violation | Send Alert to Manager | --- |
SSL: Session Recycled | 0x00006400 | Policy Violation | Send Alert to Manager | --- |
SSL: Too Many HTTPS Requests | 0x45c03600 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
SSL: Unsupported Diffie-Hellman Cipher Suite | 0x00006800 | Policy Violation | Send Alert to Manager | --- |
SSL: Unsupported Export Cipher | 0x00006700 | Policy Violation | Send Alert to Manager | --- |
SSL: Unsupported or Unknown Cipher | 0x00006600 | Policy Violation | Send Alert to Manager | --- |
SSL: Unsupported TLS 1.1 | 0x00012c00 | Policy Violation | Send Alert to Manager | --- |
SSL: Unsupported TLS 1.2 | 0x00012d00 | Policy Violation | Send Alert to Manager | --- |
TCP Control Segment Anomaly | 0x40008700 | DOS Learning Attack | Send Alert to Manager | --- |
TCP-IP: tcp ip driver integer overflow | 0x00012b00 | Exploit | Send Alert to Manager | --- |
TCP: Abnormal TCP Window Scaling Options | 0x00000b00 | Exploit | Send Alert to Manager | --- |
TCP: Inbound TCP RST Volume Too High | 0x4000b700 | DOS Learning Attack | Send Alert to Manager | --- |
TCP: Outbound TCP RST Volume Too High | 0x40017d00 | DOS Learning Attack | Send Alert to Manager | --- |
TCP: Requested MD5 Checksums Missing from TCP Flow | 0x00000e00 | Exploit | Send Alert to Manager | --- |
TCP: RST Socket Exhaustion Dos | 0x00009c00 | Exploit | Send Alert to Manager | --- |
TCP: SYN Packet Fixed Options Header | 0x00009b00 | Policy Violation | --- | --- |
TCP: T/TCP Option | 0x00000c00 | Exploit | Send Alert to Manager | --- |
TCP: TCP Urgent Data Pointer is Non-zero | 0x00000800 | Exploit | Send Alert to Manager | --- |
TCP: TCP Window Withdrawal | 0x00000600 | Exploit | Send Alert to Manager | --- |
TCP: Timestamp Option | 0x00000d00 | Exploit | Send Alert to Manager | --- |
TCP: Urgent Data Pointer Points Beyond The Length of the Packet | 0x00000900 | Exploit | Send Alert to Manager | --- |
TCP: Urgent Pointer is Set but Ack is Zero | 0x00000a00 | Exploit | Send Alert to Manager | --- |
TDS: Protocol Violation | 0x41a03800 | Exploit | Send Alert to Manager | --- |
TELNET: Password Brute Force | 0x40012700 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
TFTP: TFTP possible reflection amplification DDoS attack detected | 0x41501e00 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
WORM: W32/Conficker.C Activity Detected | 0x40014700 | Reconnaissance Correlation Attack | Send Alert to Manager | --- |
NMAP: XMAS Probe | 0x4000b900 | Reconnaissance Signature Attack | Send Alert to Manager | --- |
NMAP: XMAS with SYN Probe | 0x4000ba00 | Reconnaissance Signature Attack | Send Alert to Manager | --- |
TCP: Bare Push Probe | 0x4000bc00 | Exploit | Send Alert to Manager | --- |
SCAN: NULL Probe | 0x4000bd00 | Exploit | Send Alert to Manager | --- |
SCAN: SYN FIN Based Probes | 0x4000ec00 | Exploit | Send Alert to Manager | --- |
TCP: Illegal FIN Probe | 0x40011300 | Exploit | Send Alert to Manager | --- |
TCP: FreeBSD TCP Out-of-Sequence Segments DoS | 0x40018f00 | Exploit | Send Alert to Manager | --- |
IP: IP Fragments Overlap | 0x40000e00 | Exploit | Send Alert to Manager | --- |
Previous Document ID (Secured): KB40486