Symantec 360R Administration Guide - Page 116
Trojan horse protection, Setting protection preferences
Preventing attacks

one attack in five seconds. When ICMP is enabled, the log messages are not limited.

The appliance defends against the following atomic IDS/IPS signatures:

■ Bonk
■ Back Orifice (Trojan horse communication channel)
■ Girlfriend (Trojan horse communication channel)
■ Fawx
■ Jolt
■ Land
■ Nestea
■ Newtear
■ Overdrop
■ Ping of Death
■ Portal of Doom (Trojan horse communication channel)
■ SubSeven (Trojan horse communication channel)
■ Syndrop
■ Teardrop
■ Winnuke
■ HTML buffer overflow
■ TCP/UDP flood protection

Trojan horse protection

Any attempt to connect to a blocked port that is commonly used by Trojan horse programs is logged and classified as a possible attack. The log message warns the user that an illegal connection attempt was made and that they should audit their internal systems to verify that they are not compromised. Trojan horse protection is overridden if the traffic is explicitly allowed in an inbound rule.

Setting protection preferences

For each atomic IDS/IPS signature, you can set the action to take when that signature is detected, as follows:

■ Block and Warn: Drop and log packets identified as containing the specific signature.
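The decision order described under "Trojan horse protection" can be modelled as follows. This is an added example, not code from the appliance or from Symantec; the port numbers are assumptions (ports historically associated with the named Trojan horse channels, not taken from this guide), and `InboundRule`, `Attempt` and `classify` are hypothetical names.

```python
from dataclasses import dataclass

# Assumed port map (not from the manual): ports historically associated with
# the Trojan horse channels the page names. The appliance's own list may differ.
TROJAN_PORTS = {
    ("udp", 31337): "Back Orifice",
    ("tcp", 21544): "Girlfriend",
    ("tcp", 3700): "Portal of Doom",
    ("tcp", 27374): "SubSeven",
}

@dataclass(frozen=True)
class InboundRule:          # hypothetical model of an inbound allow rule
    proto: str
    port: int
    internal_host: str

@dataclass(frozen=True)
class Attempt:              # hypothetical model of one inbound connection attempt
    src: str
    proto: str
    dst_port: int

def classify(attempt, inbound_rules):
    """Return (verdict, log_message) for one inbound connection attempt."""
    key = (attempt.proto, attempt.dst_port)
    # An explicit inbound rule wins: Trojan horse protection is overridden.
    for rule in inbound_rules:
        if (rule.proto, rule.port) == key:
            return "allowed", f"forwarded to {rule.internal_host} by inbound rule"
    # No rule matches, so the port is blocked; check the Trojan port list.
    name = TROJAN_PORTS.get(key)
    if name:
        return "possible_attack", (
            f"illegal connection attempt from {attempt.src} to {attempt.proto}/"
            f"{attempt.dst_port} ({name}); audit internal systems for compromise")
    return "blocked", f"dropped {attempt.proto}/{attempt.dst_port} from {attempt.src}"

# Constructed sample input (documentation addresses, not real traffic).
RULES = [InboundRule("tcp", 27374, "192.168.0.10")]   # admin opened this port
ATTEMPTS = [
    Attempt("203.0.113.7", "udp", 31337),   # blocked Trojan port -> possible attack
    Attempt("203.0.113.7", "tcp", 27374),   # Trojan port, but allowed by a rule
    Attempt("198.51.100.4", "tcp", 8081),   # blocked, not on the Trojan list
]

if __name__ == "__main__":
    for a in ATTEMPTS:
        print(a, "->", classify(a, RULES))
```

The second attempt produces no warning because the inbound rule takes precedence, so inbound rules are worth reviewing against the Trojan port list before they are enabled.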