Displaying 1 result from an estimated 1 matches for "6ec7".
Did you mean:
69c7
2007 Apr 18
2
[Bridge] IPS HLBR 1.0 released (off-topic)
...l suffer the action named 'virus'.
This action logs the event, dumps the malicious traffic in tcpdump
format and drops the packet. Below is an example of rule against a type
of buffer overflow attempt against DNS servers:
<rule>
ip dst(dns)
udp dst(53)
udp nocase(|41cd 80c7 062f 6269 6ec7 4604 2f73 6800 89f0 83c0 0889 4608|)
message=(dnsattacks-1) tsl bind attack
action=action1
</rule>
In this case, due to the use of pipe characters (|), HLBR will check
the traffic for the hexadecimal sequence given as an attack signature.
HLBR lets you use rules for blocking attacks agains...