Home » ZyXEL Manuals » Networking » ZyXEL ISG50-PSTN » Manual Viewer

ZyXEL ISG50-PSTN User Guide - Page 425

Table 140, Label, Description

Get ZyXEL ISG50-PSTN PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 425 highlights

Chapter 26 ADP HTTP Inspection and TCP/UDP/ICMP Decoders The following table gives some information on the HTTP inspection, TCP decoder, UDP decoder and ICMP decoder ISG50 protocol anomaly rules. Table 140 HTTP Inspection and TCP/UDP/ICMP Decoders LABEL DESCRIPTION HTTP Inspection APACHE-WHITESPACE ATTACK This rule deals with non-RFC standard of tab for a space delimiter. Apache uses this, so if you have an Apache server, you need to enable this option. ASCII-ENCODING ATTACK This rule can detect attacks where malicious attackers use ASCIIencoding to encode attack strings. Attackers may use this method to bypass system parameter checks in order to get information or privileges from a web server. BARE-BYTE-UNICODINGENCODING ATTACK Bare byte encoding uses non-ASCII characters as valid values in decoding UTF-8 values. This is NOT in the HTTP standard, as all non-ASCII values have to be encoded with a %. Bare byte encoding allows the user to emulate an IIS server and interpret non-standard encodings correctly. BASE36-ENCODING ATTACK This is a rule to decode base36-encoded characters. This rule can detect attacks where malicious attackers use base36-encoding to encode attack strings. Attackers may use this method to bypass system parameter checks in order to get information or privileges from a web server. DIRECTORY-TRAVERSAL ATTACK This rule normalizes directory traversals and self-referential directories. So, "/abc/this_is_not_a_real_dir/../xyz" get normalized to "/abc/xyz". Also, "/abc/./xyz" gets normalized to "/ abc/xyz". If a user wants to configure an alert, then specify "yes", otherwise "no". This alert may give false positives since some web sites refer to files using directory traversals. DOUBLE-ENCODING ATTACK This rule is IIS specific. IIS does two passes through the request URI, doing decodes in each one. In the first pass, IIS encoding (UTF-8 unicode, ASCII, bare byte, and %u) is done. In the second pass ASCII, bare byte, and %u encodings are done. IIS-BACKSLASH-EVASION ATTACK This is an IIS emulation rule that normalizes backslashes to slashes. Therefore, a request-URI of "/abc\xyz" gets normalized to "/abc/xyz". IIS-UNICODE-CODEPOINTENCODING ATTACK This rule can detect attacks which send attack strings containing non-ASCII characters encoded by IIS Unicode. IIS Unicode encoding references the unicode.map file. Attackers may use this method to bypass system parameter checks in order to get information or privileges from a web server. MULTI-SLASH-ENCODING ATTACK This rule normalizes multiple slashes in a row, so something like: "abc/////////xyz" get normalized to "abc/xyz". NON-RFC-DEFINED-CHAR ATTACK This rule lets you receive a log or alert if certain non-RFC characters are used in a request URI. For instance, you may want to know if there are NULL bytes in the request-URI. NON-RFC-HTTP-DELIMITER ATTACK This is when a newline "\n" character is detected as a delimiter. This is non-standard but is accepted by both Apache and IIS web servers. OVERSIZE-CHUNKENCODING ATTACK This rule is an anomaly detector for abnormally large chunk sizes. This picks up the apache chunk encoding exploits and may also be triggered on HTTP tunneling that uses chunk encoding. ISG50 User's Guide 425

Section	Page
ISG50	1
Contents Overview	3
Table of Contents	5
User’s Guide	25
Introducing the ISG50	27
1.1 Overview	27
1.1.1 PBX	27
1.1.2 Security and Routing	28
1.1.3 Application Scenarios	28
1.2 Rack-mounted Installation	31
1.2.1 Rack-Mounted Installation Procedure	32
1.3 Connecting the Frame Ground	32
1.4 Front Panel	33
1.4.1 Front Panel LEDs	33
1.5 3G PCMCIA Card Installation	34
1.6 Management Overview	34
1.7 Starting and Stopping the ISG50	35
Features and Applications	37
2.1 Features	37
Web Configurator	43
3.1 Web Configurator Requirements	43
3.2 Web Configurator Access	43
3.3 Web Configurator Screens Overview	45
3.3.1 Title Bar	45
3.3.2 Navigation Panel	46
3.3.3 Main Window	52
3.3.4 Tables and Lists	54
Installation Setup Wizard	59
4.1 Installation Setup Wizard Screens	59
4.1.1 Internet Access Setup - WAN Interface	59
4.1.2 Internet Access: Ethernet	60
4.1.3 Internet Access: PPPoE	62
4.1.4 Internet Access: PPTP	63
4.1.5 ISP Parameters	63
4.1.6 Internet Access Setup - Second WAN Interface	65
4.1.7 Internet Access - Finish	66
4.2 Device Registration	66
Quick Setup	69
5.1 Quick Setup Overview	69
5.2 WAN Interface Quick Setup	70
5.2.1 Choose an Ethernet Interface	70
5.2.2 Select WAN Type	71
5.2.3 Configure WAN Settings	72
5.2.4 WAN and ISP Connection Settings	72
5.2.5 Quick Setup Interface Wizard: Summary	75
5.3 VPN Quick Setup	76
5.4 VPN Setup Wizard: Wizard Type	77
5.5 VPN Express Wizard - Scenario	78
5.5.1 VPN Express Wizard - Configuration	79
5.5.2 VPN Express Wizard - Summary	80
5.5.3 VPN Express Wizard - Finish	81
5.5.4 VPN Advanced Wizard - Scenario	82
5.5.5 VPN Advanced Wizard - Phase 1 Settings	83
5.5.6 VPN Advanced Wizard - Phase 2	84
5.5.7 VPN Advanced Wizard - Summary	85
5.5.8 VPN Advanced Wizard - Finish	86
Configuration Basics	87
6.1 PBX Features Overview	87
6.1.1 Call Routing	87
6.1.2 Internal Call Routing	89
6.1.3 Outbound Call Routing	89
6.2 Object-based Configuration	91
6.3 Zones, Interfaces, and Physical Ports	92
6.3.1 Interface Types	92
6.3.2 Default Interface and Zone Configuration	93
6.4 Terminology in the ISG50	94
6.5 Packet Flow	94
6.5.1 Routing Table Checking Flow	95
6.5.2 NAT Table Checking Flow	96
6.6 Other Features Configuration Overview	97
6.6.1 Feature	97
6.6.2 Licensing Registration	98
6.6.3 Interface	98
6.6.4 Trunks	98
6.6.5 Policy Routes	98
6.6.6 Static Routes	99
6.6.7 Zones	99
6.6.8 DDNS	100
6.6.9 NAT	100
6.6.10 HTTP Redirect	101
6.6.11 ALG	101
6.6.12 Auth. Policy	101
6.6.13 Firewall	101
6.6.14 IPSec VPN	102
6.6.15 Bandwidth Management	102
6.6.16 ADP	103
6.7 Objects	103
6.7.1 User/Group	104
6.8 System	104
6.8.1 DNS, WWW, SSH, TELNET, FTP, SNMP	104
6.8.2 Logs and Reports	105
6.8.3 File Manager	105
6.8.4 Diagnostics	105
6.8.5 Shutdown	105
General Tutorials	107
7.1 How to Configure Interfaces, Port Roles, and Zones	107
7.1.1 Configure a WAN Ethernet Interface	108
7.1.2 Configure Port Roles	108
7.1.3 Configure Zones	108
7.2 How to Configure a Cellular Interface	109
7.3 How to Configure Load Balancing	111
7.3.1 Set Up Available Bandwidth on Ethernet Interfaces	111
7.3.2 Configure the WAN Trunk	112
7.4 How to Set Up an IPSec VPN Tunnel	113
7.4.1 Set Up the VPN Gateway	114
7.4.2 Set Up the VPN Connection	115
7.4.3 Configure Security Policies for the VPN Tunnel	116
7.5 How to Configure User-aware Access Control	116
7.5.1 Set Up User Accounts	117
7.5.2 Set Up User Groups	118
7.5.3 Set Up User Authentication Using the RADIUS Server	118
7.6 How to Use a RADIUS Server to Authenticate User Accounts Based on Groups	120
7.7 How to Use Authentication Policies	122
7.7.1 Configure the Authentication Policy	122
7.8 How to Configure Service Control	123
7.8.1 Allow HTTPS Administrator Access Only From the LAN	123
7.9 How to Allow Incoming H.323 Peer-to-peer Calls	125
7.9.1 Turn On the ALG	126
7.9.2 Set Up a NAT Policy For H.323	126
7.9.3 Set Up a Firewall Rule For H.323	128
7.10 How to Allow Public Access to a Web Server	129
7.10.1 Create the Address Objects	129
7.10.2 Configure NAT	130
7.10.3 Set Up a Firewall Rule	131
7.11 How to Use Multiple Static Public WAN IP Addresses for LAN to WAN Traffic	132
7.11.1 Create the Public IP Address Range Object	132
7.11.2 Configure the Policy Route	132
PBX Tutorials	135
8.1 Making Internal Calls	136
8.1.1 Configure SIP Extensions	136
8.1.2 Connect IP Phones	140
8.1.3 Register IP Phones	140
8.2 Auto Provisioning	141
8.2.1 Configuring the snom VoIP Phones for Auto Provisioning	142
8.3 Making PSTN Calls	143
8.3.1 The PSTN Connection	143
8.3.2 Creating a Dialing Rule for PSTN	144
8.3.3 Assigning an LCR to an Authority Group	146
8.4 Making ITSP Calls	147
8.4.1 The ITSP Connection	148
8.4.2 Creating a Dialing Rule for ITSP	151
8.4.3 Assigning an LCR to an Authority Group	152
8.5 Making ISDN Calls	154
8.5.1 The ISDN Connection	155
8.5.2 Creating a Dialing Rule for ISDN	156
8.5.3 Assigning an LCR to an Authority Group	158
8.6 ISDN Network Configuration Examples	159
8.6.1 Example 1: Small/Medium Business	160
8.6.2 Example 2: Company with Existing PBX	161
8.6.3 Example 3: Company with Existing PBX and Expanding Employees	162
8.7 Using Call Features	163
8.7.1 Customizing Feature Codes	163
8.7.2 Using the Voicemail Feature	163
8.8 Using the Extension Portal	164
8.8.1 Your Information	164
8.8.2 Accessing the Extension Portal	164
8.8.3 Using the Web Phone (IP Phone Users Only)	165
8.8.4 Changing Your Security Information	166
8.8.5 Personalizing Your Settings	167
8.8.6 Setting Up Voicemail	170
8.9 Capturing Packets Using the Web Configurator	171
8.10 Creating an Automated Menu System	173
8.10.1 Menu Design and Call Routing	173
8.10.2 Create an Agent Identity	174
8.10.3 Create a Skill	175
8.10.4 Create an Auto-Attendant	178
Technical Reference	183
Dashboard	185
9.1 Overview	185
9.1.1 What You Can Do in this Chapter	185
9.2 The Dashboard Screen	185
9.2.1 The CPU Usage Screen	190
9.2.2 The Memory Usage Screen	190
9.2.3 The Active Sessions Screen	191
9.2.4 The VPN Status Screen	192
9.2.5 The DHCP Table Screen	192
9.2.6 The Number of Login Users Screen	193
Monitor	195
10.1 Overview	195
10.1.1 What You Can Do in this Chapter	195
10.2 The Port Statistics Screen	196
10.2.1 The Port Statistics Graph Screen	197
10.3 Interface Status Screen	198
10.4 The Traffic Statistics Screen	200
10.5 The Session Monitor Screen	203
10.6 The DDNS Status Screen	205
10.7 IP/MAC Binding Monitor	205
10.8 The Login Users Screen	206
10.9 Cellular Status Screen	207
10.9.1 More Information	209
10.10 USB Storage Screen	210
10.11 The IPSec Monitor Screen	211
10.11.1 Regular Expressions in Searching IPSec SAs	212
10.12 SIP Peer Screen	213
10.13 FXS Peer Screen	214
10.14 SIP Trunk Screen	215
10.15 CTI Peer Screen	216
10.16 FXO Trunk Screen	217
10.17 BRI Trunk Screen	218
10.18 ACD Queue Screen	219
10.19 Log Screen	220
10.20 Querying Call Recordings	222
10.20.1 Call Recordings File List	223
10.21 CDR Backup Screen	223
10.22 CDR Query Screen	225
10.23 CDR Query Result Screen	227
Registration	229
11.1 Overview	229
11.1.1 What You Can Do in this Chapter	229
11.1.2 What you Need to Know	229
11.2 The Registration Screen	230
11.3 The Service Screen	231
Interfaces	233
12.1 Interface Overview	233
12.1.1 What You Can Do in this Chapter	233
12.1.2 What You Need to Know	233
12.2 Port Role	236
12.3 Ethernet Summary Screen	237
12.3.1 Ethernet Edit	238
12.3.2 Object References	246
12.4 PPP Interfaces	246
12.4.1 PPP Interface Summary	247
12.4.2 PPP Interface Add or Edit	248
12.5 Cellular Configuration Screen (3G)	251
12.5.1 Cellular Add/Edit Screen	253
12.6 VLAN Interfaces	259
12.6.1 VLAN Summary Screen	261
12.6.2 VLAN Add/Edit	262
12.7 Bridge Interfaces	267
12.7.1 Bridge Summary	269
12.7.2 Bridge Add/Edit	270
12.7.3 Virtual Interfaces Add/Edit	275
12.8 Interface Technical Reference	276
Trunks	281
13.1 Overview	281
13.1.1 What You Can Do in this Chapter	281
13.1.2 What You Need to Know	281
13.2 The Trunk Summary Screen	285
13.3 Configuring a Trunk	287
13.4 Trunk Technical Reference	288
Policy and Static Routes	289
14.1 Policy and Static Routes Overview	289
14.1.1 What You Can Do in this Chapter	289
14.1.2 What You Need to Know	290
14.2 Policy Route Screen	291
14.2.1 Policy Route Edit Screen	294
14.3 IP Static Route Screen	297
14.3.1 Static Route Add/Edit Screen	298
14.4 Policy Routing Technical Reference	299
Routing Protocols	302
15.1 Routing Protocols Overview	302
15.1.1 What You Can Do in this Chapter	302
15.1.2 What You Need to Know	302
15.2 The RIP Screen	302
15.3 The OSPF Screen	304
15.3.1 Configuring the OSPF Screen	307
15.3.2 OSPF Area Add/Edit Screen	309
15.3.3 Virtual Link Add/Edit Screen	311
15.4 Routing Protocol Technical Reference	311
Zones	313
16.1 Zones Overview	313
16.1.1 What You Can Do in this Chapter	313
16.1.2 What You Need to Know	313
16.2 The Zone Screen	314
16.3 Zone Edit	315
DDNS	317
17.1 DDNS Overview	317
17.1.1 What You Can Do in this Chapter	317
17.1.2 What You Need to Know	317
17.2 The DDNS Screen	318
17.2.1 The Dynamic DNS Add/Edit Screen	319
NAT	323
18.1 NAT Overview	323
18.1.1 What You Can Do in this Chapter	323
18.1.2 What You Need to Know	323
18.2 The NAT Screen	324
18.2.1 The NAT Add/Edit Screen	325
18.3 NAT Technical Reference	328
HTTP Redirect	331
19.1 Overview	331
19.1.1 What You Can Do in this Chapter	331
19.1.2 What You Need to Know	331
19.2 The HTTP Redirect Screen	332
19.2.1 The HTTP Redirect Edit Screen	333
ALG	335
20.1 ALG Overview	335
20.1.1 What You Can Do in this Chapter	335
20.1.2 What You Need to Know	335
20.1.3 Before You Begin	337
20.2 The ALG Screen	338
20.3 ALG Technical Reference	339
IP/MAC Binding	341
21.1 IP/MAC Binding Overview	341
21.1.1 What You Can Do in this Chapter	341
21.1.2 What You Need to Know	341
21.2 IP/MAC Binding Summary	342
21.2.1 IP/MAC Binding Edit	343
21.2.2 Static DHCP Edit	344
21.3 IP/MAC Binding Exempt List	345
Authentication Policy	347
22.1 Overview	347
22.1.1 What You Can Do in this Chapter	347
22.1.2 What You Need to Know	347
22.2 Authentication Policy Screen	347
22.2.1 Creating/Editing an Authentication Policy	350
Firewall	353
23.1 Overview	353
23.1.1 What You Can Do in this Chapter	353
23.1.2 What You Need to Know	354
23.1.3 Firewall Rule Example Applications	356
23.1.4 Firewall Rule Configuration Example	358
23.2 The Firewall Screen	360
23.2.1 Configuring the Firewall Screen	360
23.2.2 The Firewall Add/Edit Screen	363
23.3 The Session Limit Screen	364
23.3.1 The Session Limit Add/Edit Screen	365
IPSec VPN	367
24.1 IPSec VPN Overview	367
24.1.1 What You Can Do in this Chapter	367
24.1.2 What You Need to Know	368
24.1.3 Before You Begin	370
24.2 The VPN Connection Screen	370
24.2.1 The VPN Connection Add/Edit (IKE) Screen	371
24.2.2 The VPN Connection Add/Edit Manual Key Screen	377
24.3 The VPN Gateway Screen	379
24.3.1 The VPN Gateway Add/Edit Screen	381
24.4 IPSec VPN Background Information	386
Bandwidth Management	397
25.1 Overview	397
25.1.1 What You Can Do in this Chapter	397
25.1.2 What You Need to Know	397
25.1.3 Bandwidth Management Examples	401
25.2 The Bandwidth Management Screen	404
25.2.1 The Bandwidth Management Add/Edit Screen	406
ADP	411
26.1 Overview	411
26.1.1 ADP	411
26.1.2 What You Can Do in this Chapter	411
26.1.3 What You Need To Know	411
26.1.4 Before You Begin	412
26.2 The ADP General Screen	412
26.3 The Profile Summary Screen	413
26.3.1 Base Profiles	414
26.3.2 Configuring The ADP Profile Summary Screen	414
26.3.3 Creating New ADP Profiles	415
26.3.4 Traffic Anomaly Profiles	415
26.3.5 Protocol Anomaly Profiles	418
26.3.6 Protocol Anomaly Configuration	418
26.4 ADP Technical Reference	421
Global PBX Settings	429
27.1 Overview	429
27.1.1 What You Can Do in this Chapter	429
27.1.2 What You Need to Know	430
27.2 The SIP Server Screen	431
27.3 The Feature Code Screen	433
27.4 The E-Mail Screen	435
27.5 The Fake IP Screen	435
27.6 The Peer to Peer Screen	436
27.6.1 How the Peer-to-Peer SIP Connection Works	437
27.6.2 Add Peer-to-Peer Local Net	438
27.6.3 How Local Net and Peer-to-Peer Work Together	439
27.7 The QoS Screen	440
27.8 The TAPI Screen	442
27.8.1 Setting Up the TAPI Driver and Utility on Your Computer	443
27.9 Network Technical Reference	447
Voice Interfaces	448
28.1 Overview	448
28.1.1 What You Can Do in this Chapter	448
28.1.2 What You Need to Know	448
28.2 The FXS Screen	449
28.3 The FXO Screen	450
28.4 The BRI Screen	451
Extension Management	453
29.1 Overview	453
29.1.1 What You Can Do in this Chapter	453
29.1.2 What You Need to Know	453
29.1.3 Before You Begin	457
29.2 The Authority Group Screen	458
29.2.1 The Add Authority Group Screen	458
29.2.2 The Authority Group Edit Screen	459
29.3 Extension Features	461
29.3.1 Extension Add/Edit the Basic Screen	462
29.3.2 The Extension Call Forward Screen	463
29.3.3 The Extension Voice Mail Settings Screen	467
29.3.4 The Extension Advanced Screen	468
29.3.5 The Batch Add SIP Screen	469
29.4 The Group Access Code Screen	471
29.5 The Click To Talk Group Screen	472
29.5.1 Add or Edit a Click To Talk Group	472
29.6 Authority Group Technical Reference	475
Outbound Trunk Group	477
30.1 Overview	477
30.1.1 What You Can Do in this Chapter	477
30.1.2 What You Need to Know	478
30.1.3 Before You Begin	481
30.2 Outbound Trunk Group Screen	481
30.2.1 SIP Trunk Add/Edit	483
30.2.2 SIP Auto Attendant and DDI Setup	486
30.2.3 Add DDI/DID Number	488
30.2.4 Trusted Peer Trunk Add/Edit	490
30.2.5 Trusted Peer Auto Attendant and DDI Setup	493
30.2.6 Add/Edit FXO Trunk	495
30.2.7 FXO or BRI Auto Attendant	496
30.2.8 Add/Edit BRI Trunk	497
30.2.9 Add BRI Trunk DDI/DID Mapping	502
30.2.10 Auto-Attendant for Incoming BRI Calls	502
Auto-attendant	503
31.1 Overview	503
31.1.1 What You Can Do in this Chapter	503
31.1.2 What You Need to Know	503
31.2 The Default Auto-Attendant Screen	505
31.3 The Customized Auto-Attendant Screen	507
31.3.1 The Add/Edit Auto-Attendant Screen	508
31.3.2 Auto Attendant Settings: Office Hours	509
31.3.3 The Add/Edit Auto-Attendant Option Screen	511
31.3.4 The Auto-Attendant Sub Menu Screen	512
31.3.5 Auto Attendant Settings: Night Service	513
31.3.6 Greeting	515
31.4 Technical Reference	516
LCR	519
32.1 Overview	519
32.1.1 What You Can Do in this Chapter	520
32.1.2 What You Need to Know	520
32.1.3 Before You Begin	520
32.2 LCR	521
32.2.1 LCR Configuration	521
32.2.2 Add/Edit LCR Dial Condition	523
Group Management	526
33.1 Overview	526
33.1.1 What You Can Do in this Chapter	527
33.1.2 What You Need to Know	527
33.1.3 Before You Begin	530
33.2 Group Management Screen	530
33.2.1 Edit Group Management Associations	531
Call Services	532
34.1 Overview	532
34.1.1 What You Can Do in this Chapter	532
34.1.2 What You Need to Know	532
34.1.3 Before You Begin	533
34.2 The Auto Callback Screen	533
34.3 The Call Park Screen	534
34.3.1 Configuring the Call Park Screen	535
34.4 The Call Waiting Screen	536
34.4.1 Configuring the Call Waiting Screen	537
34.5 The Emergency Call Screen	538
34.5.1 Configuring the Emergency Call Screen	538
34.6 The Music on Hold Screen	539
34.6.1 Add or Edit Custom Music On Hold	541
34.7 The Call Transfer Screen	541
34.7.1 Configuring the Call Transfer Screen	542
34.8 The Call Block Screen	542
Call Recording	544
35.1 Overview	544
35.1.1 What You Can Do in this Chapter	544
35.1.2 What You Need to Know	544
35.2 Configuring the Call Recording Screen	545
Meet-me Conference	547
36.0.1 Configuring the Meet-me Conference Screen	547
36.0.2 The Meet-me Conference Calling Edit and Add Screen	547
Paging Group	549
37.1 Overview	549
37.2 The Paging Group Screen	549
37.2.1 The Add/Edit Paging Group Screen	550
ACD	553
38.1 Overview	553
38.1.1 What You Can Do in this Chapter	553
38.1.2 What You Need to Know	554
38.2 The ACD Global Screen	556
38.3 The Agent Screen	556
38.3.1 The Agent Settings Screen	557
38.4 The Skill Screen	558
38.4.1 The Add/Edit Skill Screen	559
38.5 The Hunt Group Screen	562
38.5.1 The Add/Edit Hunt Group Screen	563
38.6 The Skill Menu Screen	564
38.6.1 The Skill Menu Settings Screen	565
38.6.2 Add/Edit Skill Menu Action Screen	566
Sound Files	568
39.1 Overview	568
39.1.1 What You Can Do in this Chapter	568
39.1.2 What You Need to Know	568
39.2 The System Sound Screen	568
39.2.1 The Add/Edit Sound File Screen	569
39.3 The Specific Sound File Screen	570
39.3.1 The Add/Edit Sound File Screen	571
39.4 The Record Peer Screen	571
Auto Provision	573
40.1 Overview	573
40.1.1 What You Can Do in this Chapter	573
40.1.2 What You Need to Know	573
40.1.3 Before You Begin	574
40.2 Auto Provision Setup	575
40.2.1 snom Batch Configuration XML File	576
40.2.2 Auto Provision Edit	577
40.3 Auto Provision Advanced Screen	578
Voice Mail	581
41.1 Overview	581
41.1.1 What You Can Do in this Chapter	581
41.1.2 What You Need to Know	581
41.2 The Voice Mail Screen	582

Match case Limit results 1 per page

Chapter 26 ADP

ISG50 User’s Guide

425

HTTP Inspection and TCP/UDP/ICMP Decoders

The following table gives some information on the HTTP inspection, TCP decoder, UDP decoder and

ICMP decoder ISG50 protocol anomaly rules.

Table 140

HTTP Inspection and TCP/UDP/ICMP Decoders

LABEL

DESCRIPTION

HTTP Inspection

APACHE-WHITESPACE

ATTACK

This rule deals with non-RFC standard of tab for a space delimiter.

Apache uses this, so if you have an Apache server, you need to

enable this option.

ASCII-ENCODING ATTACK

This rule can detect attacks where malicious attackers use ASCII-

encoding to encode attack strings. Attackers may use this method

to bypass system parameter checks in order to get information or

privileges from a web server.

BARE-BYTE-UNICODING-

ENCODING ATTACK

Bare byte encoding uses non-ASCII characters as valid values in

decoding UTF-8 values. This is NOT in the HTTP standard, as all

non-ASCII values have to be encoded with a %. Bare byte

encoding allows the user to emulate an IIS server and interpret

non-standard encodings correctly.

BASE36-ENCODING ATTACK

This is a rule to decode base36-encoded characters. This rule can

detect attacks where malicious attackers use base36-encoding to

encode attack strings. Attackers may use this method to bypass

system parameter checks in order to get information or privileges

from a web server.

DIRECTORY-TRAVERSAL

ATTACK

This rule normalizes directory traversals and self-referential

directories. So, “/abc/this_is_not_a_real_dir/../xyz” get

normalized to “/abc/xyz”. Also, “/abc/./xyz” gets normalized to “/

abc/xyz”. If a user wants to configure an alert, then specify “yes”,

otherwise “no”. This alert may give false positives since some web

sites refer to files using directory traversals.

DOUBLE-ENCODING

ATTACK

This rule is IIS specific. IIS does two passes through the request

URI, doing decodes in each one. In the first pass, IIS encoding

(UTF-8 unicode, ASCII, bare byte, and %u) is done. In the second

pass ASCII, bare byte, and %u encodings are done.

IIS-BACKSLASH-EVASION

ATTACK

This is an IIS emulation rule that normalizes backslashes to

slashes. Therefore, a request-URI of “/abc\xyz” gets normalized to

“/abc/xyz”.

IIS-UNICODE-CODEPOINT-

ENCODING ATTACK

This rule can detect attacks which send attack strings containing

non-ASCII characters encoded by IIS Unicode. IIS Unicode

encoding references the unicode.map file. Attackers may use this

method to bypass system parameter checks in order to get

information or privileges from a web server.

MULTI-SLASH-ENCODING

ATTACK

This rule normalizes multiple slashes in a row, so something like:

“abc/////////xyz” get normalized to “abc/xyz”.

NON-RFC-DEFINED-CHAR

ATTACK

This rule lets you receive a log or alert if certain non-RFC

characters are used in a request URI. For instance, you may want

to know if there are NULL bytes in the request-URI.

NON-RFC-HTTP-DELIMITER

ATTACK

This is when a newline “\n” character is detected as a delimiter.

This is non-standard but is accepted by both Apache and IIS web

servers.

OVERSIZE-CHUNK-

ENCODING ATTACK

This rule is an anomaly detector for abnormally large chunk sizes.

This picks up the apache chunk encoding exploits and may also be

triggered on HTTP tunneling that uses chunk encoding.