Does some anyone remmember about this question??? -------------- Hello Question: Is Network Sensor able to analysis packets that doesn´t match a normal HTTP connection like a example: reverse telnet through port 80(http)?
PAM(Protocol Analysis Module) shouldn't detect this protocol anomaly? Last weekend my webserver was exploited using "reverse telnet" and I my Network Sensor 7.0 was unable to detect this protocol anomaly. Jefferson Ps: (Reverse Telnet)http://www.onlamp.com/pub/a/onlamp/2003/05/29/netcat.html _----------------------------------------------------------- Well, now the anomally is detected by Sensors with the new XPU 24.11, PERFECTO!!!!!!! HTTP unknown protocol http-unknown-protocol (21259) Thank you in advance for help!!!! _______________________________________________ ISSForum mailing list [email protected] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
