Support User Manuals

Cisco Systems OL-16647-01 Network Router User Manual

Open as PDF

of 1230

27-16

Cisco ASDM User Guide

OL-16647-01

Chapter 27 Configuring Advanced Firewall Protection

Configuring IP Audit

3042 400028 TCP FIN only flags Attack Triggers when a single orphaned TCP FIN

packet is sent to a privileged port (having port

number less than 1024) on a specific host.

3153 400029 FTP Improper Address Specified Informational Triggers if a port command is issued with an

address that is not the same as the requesting

host.

3154 400030 FTP Improper Port Specified Informational Triggers if a port command is issued with a

data port specified that is <1024 or >65535.

4050 400031 UDP Bomb attack Attack Triggers when the UDP length specified is

less than the IP length specified. This

malformed packet type is associated with a

denial of service attempt.

4051 400032 UDP Snork attack Attack Triggers when a UDP packet with a source

port of either 135, 7, or 19 and a destination

port of 135 is detected.

4052 400033 UDP Chargen DoS attack Attack This signature triggers when a UDP packet is

detected with a source port of 7 and a

destination port of 19.

6050 400034 DNS HINFO Request Informational Triggers on an attempt to access HINFO

records from a DNS server.

6051 400035 DNS Zone Transfer Informational Triggers on normal DNS zone transfers, in

which the source port is 53.

6052 400036 DNS Zone Transfer from High Port Informational Triggers on an illegitimate DNS zone transfer,

in which the source port is not equal to 53.

6053 400037 DNS Request for All Records Informational Triggers on a DNS request for all records.

6100 400038 RPC Port Registration Informational Triggers when attempts are made to register

new RPC services on a target host.

6101 400039 RPC Port Unregistration Informational Triggers when attempts are made to

unregister existing RPC services on a target

host.

6102 400040 RPC Dump Informational Triggers when an RPC dump request is issued

to a target host.

6103 400041 Proxied RPC Request Attack Triggers when a proxied RPC request is sent

to the portmapper of a target host.

6150 400042 ypserv (YP server daemon) Portmap

Request

Informational Triggers when a request is made to the

portmapper for the YP server daemon

(ypserv) port.

6151 400043 ypbind (YP bind daemon) Portmap

Request

Informational Triggers when a request is made to the

portmapper for the YP bind daemon (ypbind)

port.

Table 27-3 Signature IDs and System Message Numbers (continued)

Signature

ID

Message

Number Signature Title Signature Type Description

previous next