📄 119-9.txt
字号:
Rule: --Sid: 119-9-- Summary: This event is generated when the pre-processor http_inspectdetects network traffic that may constitute an attack.-- Impact: Unknown. This may be an attempt to obfuscate an attack or an attempt toevade an IDS.--Detailed Information:This event is generated when the pre-processor http_inspect detects a"\" character being used where a "/" is normally expected in a webrequest.This may be an attempt to obfuscate an attack or an attempt to evade anIDS.--Affected Systems: Microsoft IIS web servers.--Attack Scenarios: An attacker merely needs to use a "\" character instead of a "/"' in aweb request.-- Ease of Attack: Simple.-- False Positives:None Known.--False Negatives:None Known.-- Corrective Action:Check the target host for signs of compromise.Apply any appropriate vendor supplied patches.--Contributors:Daniel Roelker <droelker@sourcefire.com> Sourcefire Vulnerability Research TeamNigel Houghton <nigel.houghton@sourcefire.com>-- Additional References:HTTP IDS Evasions Revisited - Daniel Roelkerhttp://docs.idsresearch.org/http_ids_evasions.pdf--⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -