Network Security Platform correlated attacks
Technical Article ID: KB60305
Last Modified: 2017/09/18


Environment

McAfee Network Security Manager (NSM)
McAfee Network Security Sensor

Summary

| (Correlated) Attack Name | (Correlated) Attack ID | (Correlated) Attack Severity | Suppress-Failure | (Correlated) Attack Category | (Correlated) Attack Sub-category | (Component) Attack Name | (Component) Attack ID | (Component) Attack Severity | (Component) Attack Blockable Option in NSM 6.1 and later |
|---|---|---|---|---|---|---|---|---|---|
| SMTP: Possible Brute Force Attack Detected | 0x40416c00 | 6 | yes | Reconnaissance | brute-force | SMTP: Authentication Failure Seen | 0x40416b00 | 0 | Disallowed |
| SSL: Possible OpenSSL Denial of Service via memory exhaustion (CVE-2016-6304) | 0x43f01000 | 5 | yes | Reconnaissance | Multi-Attack Correlation | SSL: OCSP extension enabled in client hello, OpenSSL: Handshake packet seen | 0x45c08e00, 0x45d39e00 | 0 | Disallowed |
| SSL: OpenSSL Memory Exhaustion DOS Vulnerability | 0x4001ab00 | 4 | yes | Reconnaissance | Brute-Force | SSL: OpenSSL Memory Leak Vulnerability (CVE-2009-1378) | 0x45c08c00 | 1 | Disallowed |
| Botnet: DGA Heuristic Detection of Botnet Zombie | 0x43f00d00 | 7 | no | Reconnaissance | Multi-Attack Correlation | Botnet: DNS Name Lookup Failure Matching DGA Heuristics | 0x4880db00 | 9 | Disallowed |
| ICMP: Timestamp Request Host Sweep | 0x40000200 | 4 | no | Reconnaissance | host-sweep | ICMP: Timestamp Probe | 0x40100300 | 3 | Allowed |
| TCP: FIN Port Scan | 0x40009800 | 4 | no | Reconnaissance | port-scan | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: NULL Port Scan | 0x4000a000 | 4 | no | Reconnaissance | port-scan | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: XMAS Port Scan | 0x4000a100 | 4 | no | Reconnaissance | port-scan | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: FIN Host Sweep | 0x4000a900 | 4 | no | Reconnaissance | host-sweep | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| TCP: NULL Host Sweep | 0x4000aa00 | 4 | no | Reconnaissance | host-sweep | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| TCP: XMAS Host Sweep | 0x4000ab00 | 4 | no | Reconnaissance | host-sweep | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| TCP: Fingerprinting NMAP | 0x4000b300 | 4 | no | Reconnaissance | fingerprinting | SCAN: NULL Probe | 0x4000bd00 | 3 | Allowed |
| | | | | | | NMAP: XMAS Probe | 0x4000b900 | 5 | Allowed |
| | | | | | | NMAP: XMAS with SYN Probe | 0x4000ba00 | 5 | Allowed |
| TCP: Fingerprinting Queso | 0x4000b400 | 4 | no | Reconnaissance | fingerprinting | TCP: Illegal FIN Probe | 0x40011300 | 2 | Allowed |
| | | | | | | SCAN: SYN FIN Based Probes | 0x4000ec00 | 3 | Allowed |
| | | | | | | TCP: Bare Push Probe | 0x4000bc00 | 5 | Allowed |
| ICMP: Netmask Request Host Sweep | 0x40011d00 | 4 | no | Reconnaissance | host-sweep | ICMP: Netmask Request | 0x40011600 | 3 | Allowed |
| TELNET: Password Brute Force | 0x40012700 | 4 | yes | Reconnaissance | brute-force | TELNET: Telnet Login Failure Detected | 0x40601200 | 2 | Disallowed |
| RLOGIN: Password Brute Force | 0x40012800 | 4 | yes | Reconnaissance | brute-force | RLOGIN: Failed Login | 0x40603100 | 2 | Disallowed |
| RSH: Password Brute Force | 0x40012900 | 4 | yes | Reconnaissance | brute-force | RSH: Login Failed | 0x41100100 | 2 | Disallowed |
| REXEC: Password Brute Force | 0x40012a00 | 4 | yes | Reconnaissance | brute-force | REXEC: Login Failed | 0x41101100 | 2 | Disallowed |
| MSSQL: Password Brute Force | 0x40012b00 | 4 | yes | Reconnaissance | brute-force | MSSQL: User Login Failed | 0x41a00a00 | 2 | Disallowed |
| RADIUS: Authentication Brute Force | 0x40012c00 | 4 | yes | Reconnaissance | brute-force | RADIUS: Access Denied | 0x41c00400 | 1 | Disallowed |
| FTP: Login Brute Force | 0x40012d00 | 4 | yes | Reconnaissance | brute-force | FTP: Login Failed | 0x40505600 | 1 | Disallowed |
| IMAP: Password Brute Force | 0x40012e00 | 4 | yes | Reconnaissance | brute-force | IMAP: IMAP Login Failure Detected | 0x41901b00 | 2 | Disallowed |
| POP3: Password Brute Force | 0x40012f00 | 4 | yes | Reconnaissance | brute-force | POP3: POP3 Login Failure Detected | 0x40902c00 | 2 | Disallowed |
| SMTP: VRFY Brute Force | 0x40013000 | 4 | yes | Reconnaissance | brute-force | SMTP: VRFY Command Used | 0x40013100 | 0 | Disallowed |
| SMTP: EXPN Brute Force | 0x40013200 | 4 | yes | Reconnaissance | brute-force | SMTP: EXPN Command Used | 0x40013300 | 0 | Disallowed |
| NETBIOS-NS: NBTSTAT Sweep Activity Detected | 0x40013400 | 6 | yes | Reconnaissance | service-sweep | NETBIOS-NS: NBTSTAT Scan | 0x40013500 | 1 | Disallowed |
| NETBIOS-SS: Virus/Worm File Share Spread | 0x40013600 | 4 | yes | Reconnaissance | service-sweep | NETBIOS-SS: Copy Executable File Attempt | 0x40706500 | 3 | Disallowed |
| ORACLE: Brute Force Logon | 0x40014200 | 4 | yes | Reconnaissance | brute-force | ORACLE: Oracle Login Failure Detected | 0x40014300 | 2 | Disallowed |
| SSH: SSH Login Bruteforce Detected | 0x40014400 | 4 | yes | Reconnaissance | brute-force | SSH: SSH Login Failure Detected | 0x40014500 | 1 | Disallowed |
| TCP: SYN Packet Fixed Header Options DoS | 0x40014600 | 4 | yes | Reconnaissance | brute-force | TCP: SYN Packet Fixed Options Header | 0x00009b00 | 0 | Disallowed |
| WORM: W32/Conficker.C Activity Detected | 0x40014700 | 4 | yes | Reconnaissance | service-sweep | P2P: Suspicious UDP Probe | 0x45d08f00 | 5 | Disallowed |
| TCP: RST Resource Exhaustion DoS | 0x40014800 | 4 | yes | Reconnaissance | brute-force | TCP: RST Socket Exhaustion Dos | 0x00009c00 | 5 | Disallowed |
| P2P: KaZaA Client Sweep Activity Detected | 0x40015000 | 4 | no | Reconnaissance | service-sweep | P2P: KaZaA Client Connecting to Server | 0x40015100 | 5 | Allowed |
| ICMP: Nachi Worm Host Sweep | 0x40015400 | 4 | no | Reconnaissance | host-sweep | ICMP: Nachi-like Ping | 0x40015500 | 6 | Allowed |
| P2P: Share Sweep Traffic Detected | 0x40015a00 | 4 | yes | Reconnaissance | service-sweep | P2P: Share-like Traffic Detected | 0x40015b00 | 5 | Disallowed |
| P2P: Peer-to-peer Distributed File Download Obfuscated-Traffic Detected | 0x40015c00 | 4 | yes | Reconnaissance | service-sweep | P2P: Unknown Long-lasting Obfuscated Binary Response Data-Stream Transfer Detected | 0x40015d00 | 5 | Disallowed |
| BOT: W32/Nuwar@MM Client Sweep Activity Detected | 0x40016200 | 6 | yes | Reconnaissance | service-sweep | BOT: W32/Nuwar@MM Encrypted Traffic | 0x40016300 | 7 | Disallowed |
| SMTP: High Level of SMTP Activity | 0x40016700 | 1 | no | Reconnaissance | service-sweep | SMTP: RCPT TO Command Used | 0x40405800 | 0 | Allowed |
| PCANYWHERE: Client Sweep Activity Detected | 0x40016e00 | 4 | yes | Reconnaissance | service-sweep | PCANYWHERE: Client Scan Activity Detected | 0x43b00200 | 1 | Disallowed |
| BOT: Spam-mailbot Communication Detected | 0x40017200 | 5 | no | Reconnaissance | service-sweep | BOT: Spam-mailbot Activity Detected | 0x45d06100 | 5 | Allowed |
| DNS: Generic DNS Spoofing Attempt | 0x40017300 | 5 | yes | Reconnaissance | brute-force | DNS: Generic Spoofing Activity | 0x40303400 | 5 | Disallowed |
| DNS: Server Response Validation Vulnerability | 0x40017600 | 5 | yes | Reconnaissance | brute-force | DNS: Microsoft DNS Server Response Validation Vulnerability II | 0x40303b00 | 5 | Disallowed |
| TCP: Small Window DoS | 0x40019100 | 5 | yes | Reconnaissance | brute-force | TCP: Small Window Flow Detected | 0x00009d00 | 1 | Disallowed |
| Kerberos: Kerberos Login Bruteforce Detected | 0x40019800 | 4 | yes | Reconnaissance | brute-force | KERBEROS: Kerberos Authentication Error Detected | 0x43001a00 | 4 | Disallowed |
| NETBIOS-SS: Microsoft Windows SMB NTLM Authentication Lack of Entropy Vulnerability | 0x40019a00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth | 0x4070b900 | 0 | Disallowed |
| NETBIOS-SS: Microsoft Windows SMB Memory Corruption Vulnerability | 0x40019b00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: SMB Negotiate | 0x4070bc00 | 0 | Disallowed |
| DNS: Too Many Type A Query Response Errors Found | 0x40019c00 | 4 | yes | Reconnaissance | brute-force | DNS: Standard Query Type A Response Error Found | 0x40304000 | 0 | Disallowed |
| DNS: Too Many Type MX Query Response Errors Found | 0x40019d00 | 4 | yes | Reconnaissance | brute-force | DNS: Standard Query Type MX Response Error Found | 0x40304100 | 0 | Disallowed |
| SMTP: Multiple Emails sent without Authentication | 0x40019e00 | 5 | no | Reconnaissance | service-sweep | SMTP: Email sent without Authentication | 0x4040ec00 | 0 | Allowed |
| BOT: Spam Bot Activity - Multiple Blacklist Responses from SMTP server | 0x40019f00 | 5 | no | Reconnaissance | service-sweep | SMTP: Server Rejection due to Blacklist | 0x4040ea00 | 0 | Allowed |
| BOT: Potential Bot Activity - Multiple Resets from SMTP receiver | 0x4001a000 | 5 | no | Reconnaissance | service-sweep | SMTP: Unexpected Server Rejection | 0x4040eb00 | 0 | Allowed |
| SIP: SIP Bruteforce Attack Detected-I | 0x4001a100 | 4 | yes | Reconnaissance | brute-force | SIP: Unauthorized Access Attempt | 0x43801100 | 0 | Disallowed |
| SIP: SIP Bruteforce Attack Detected-II | 0x4001a200 | 4 | yes | Reconnaissance | brute-force | SIP: Server Authentication failure | 0x43801200 | 0 | Disallowed |
| HTTP: Possible HTTP Brute Force Attack Against ASP.NET Pages | 0x4001b000 | 4 | yes | Reconnaissance | brute-force | HTTP: HTTP ASP Page Internal Error | 0x40294800 | 5 | Disallowed |
| HTTP: Possible HTTP LOIC Denial-of-Service Attack Detected | 0x4001c000 | 4 | yes | Reconnaissance | brute-force | HTTP: Possible Non-Standard HTTP Traffic Detected | 0x40296500 | 0 | Disallowed |
| HTTP: Possible HTTP GET LOIC Denial-of-Service Attack Detected | 0x4001d000 | 4 | yes | Reconnaissance | brute-force | HTTP: Possible LOIC Get Request Detected | 0x40299d00 | 0 | Disallowed |
| HTTP: Possible SSL Denial-of-Service Attack Detected | 0x4001e000 | 4 | no | Reconnaissance | brute-force | SSL: Invalid SSL Flow Detected | 0x45c02300 | 0 | Disallowed |
| HTTP: HTTP Login Bruteforce Detected | 0x40256b00 | 4 | yes | Reconnaissance | brute-force | HTTP: HTTP Authentication Failure | 0x40256a00 | 5 | Disallowed |
| HTTP: Possible HTTP DoS Attack with Invalid HTML Page Access | 0x40280300 | 4 | yes | Reconnaissance | brute-force | HTTP: HTTP HTML Page Not Found | 0x40280200 | 5 | Disallowed |
| NETBIOS-SS: SMB Bruteforce Attempt | 0x4070ac00 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: SMB Logon Failed | 0x4070ab00 | 1 | Disallowed |
| PGM: Large Volume of Small Data Fragments | 0x45d06800 | 2 | yes | Reconnaissance | brute-force | PGM: Small Data Fragment | 0x45d06700 | 1 | Disallowed |
| ORACLE: Oracle SID Login Bruteforce Detected | 0x46c06d00 | 4 | yes | Reconnaissance | brute-force | ORACLE: ORACLE TNS CONNECT_DATA and SID Request Detected | 0x46c06c00 | 0 | Disallowed |
| MySQL: Password Brute Force | 0x47101400 | 4 | yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Disallowed |
| RDP: Terminal Service Denial of service | 0x4001f000 | 5 | yes | Reconnaissance | brute-force | RDP: RST Packet Detected | 0x00011900 | 5 | Disallowed |
| HTTP: Possible Anonymous OpMegaUpload DoS | 0x4001b100 | 5 | yes | Reconnaissance | brute-force | HTTP: Anonymous OpMegaUpload Detected | 0x402b8400 | 5 | Disallowed |
| NETBIOS-SS: Non Admin Access in NTLMSSP Auth II Denial of Service | 0x40020300 | 4 | yes | Reconnaissance | brute-force | NETBIOS-SS: Non Admin Access in NTLMSSP Auth II | 0x43c03a00 | 4 | Disallowed |
| FTP: VSFTPD Connection Handling DOS | 0x4050df00 | 4 | yes | Reconnaissance | brute-force | FTP: VsFTPd Banner | 0x4050de00 | 0 | Disallowed |
| NTP: NTP Amplification DoS | 0x41b00800 | 4 | yes | Reconnaissance | brute-force | NTP: NTP Amplification Attacks | 0x41b00700 | 5 | Disallowed |
| SSL: Too Many HTTPS Requests | 0x45c03600 | 4 | yes | Reconnaissance | brute-force | SSL: Client HTTPS Request | 0x45c03500 | 0 | Disallowed |
| Digium: Digium Asterik Heap Buffer Overflow | 0x45d21600 | 4 | yes | Reconnaissance | brute-force | Digium: Asterisk Heap Buffer Overflow Skinny Channel Driver Remote Code Execution | 0x45d1ee00 | 5 | Disallowed |
| ORACLE: Database Server TNS Listener Poison DoS Attack Detected | 0x46c08200 | 4 | yes | Reconnaissance | brute-force | ORACLE: Database Server TNS Listener Poison Attack Remote Code Execution | 0x46c08100 | 7 | Disallowed |
| MySQL: MariaDB memcmp Function Security Bypass Vulnerability | 0x47101900 | 4 | yes | Reconnaissance | brute-force | MySQL: Login Failed | 0x47100100 | 3 | Allowed |
| BOT: Muieblackcat Activity Detected | 0x43f00e00 | 5 | yes | Reconnaissance | Multi-Attack Known Bot | BOT: Muieblackcat Traffic Detected I, BOT: Potential Muieblackcat Scanner Double-URI Traffic Detected | 0x48810600, 0x48810700 | 4, 4 | Disallowed (for both) |
| ICMP: Possible Attack To Exploit BlackNurse Vulnerability II | 0x40102c00 | 4 | yes | Reconnaissance | brute-force | ICMP: Port Unreachable Packet Seen II | 0x40102b00 | 3 | Disallowed |
| ICMP: Possible Attack to exploit BlackNurse vulnerability | 0x40102a00 | 4 | yes | Reconnaissance | brute-force | ICMP: Port Unreachable Packet Seen | 0x40102900 | 3 | Disallowed |
| BOT: Cerber Ransomware Activity Detected | 0x48812000 | 6 | yes | Reconnaissance | host-sweep | BOT: Cerber Ransomware Traffic Detected | 0x48811f00 | 5 | Disallowed |
| HTTP: Possible Wordpress brute force login detected | 0x43f01200 | 6 | yes | Reconnaissance | brute-force | HTTP: WordPress login seen | 0x451d0a00 | 0 | Disallowed |
| HTTP: Wordpress User enumeration wpscan | 0x43f01100 | 6 | yes | Reconnaissance | fingerprinting | HTTP: WordPress user enumeration | 0x451d0800 | 0 | Disallowed |
