Home » ZyXEL Manuals » Networking » ZyXEL UAG715 » Manual Viewer

ZyXEL UAG715 User Guide - Page 331

Table 125, Label, Description

Add to My Manuals
Save this manual to your list of manuals

Page 331 highlights

Chapter 27 ADP Table 125 HTTP Inspection and TCP/UDP/ICMP Decoders (continued) LABEL DESCRIPTION BARE-BYTE-UNICODINGENCODING ATTACK Bare byte encoding uses non-ASCII characters as valid values in decoding UTF-8 values. This is NOT in the HTTP standard, as all nonASCII values have to be encoded with a %. Bare byte encoding allows the user to emulate an IIS server and interpret non-standard encodings correctly. BASE36-ENCODING ATTACK This is a rule to decode base36-encoded characters. This rule can detect attacks where malicious attackers use base36-encoding to encode attack strings. Attackers may use this method to bypass system parameter checks in order to get information or privileges from a web server. DIRECTORY-TRAVERSAL ATTACK This rule normalizes directory traversals and self-referential directories. So, "/abc/this_is_not_a_real_dir/../xyz" get normalized to "/abc/xyz". Also, "/abc/./xyz" gets normalized to "/abc/xyz". If a user wants to configure an alert, then specify "yes", otherwise "no". This alert may give false positives since some web sites refer to files using directory traversals. DOUBLE-ENCODING ATTACK This rule is IIS specific. IIS does two passes through the request URI, doing decodes in each one. In the first pass, IIS encoding (UTF-8 unicode, ASCII, bare byte, and %u) is done. In the second pass ASCII, bare byte, and %u encodings are done. IIS-BACKSLASH-EVASION ATTACK This is an IIS emulation rule that normalizes backslashes to slashes. Therefore, a request-URI of "/abc\xyz" gets normalized to "/abc/xyz". IIS-UNICODE-CODEPOINTENCODING ATTACK This rule can detect attacks which send attack strings containing nonASCII characters encoded by IIS Unicode. IIS Unicode encoding references the unicode.map file. Attackers may use this method to bypass system parameter checks in order to get information or privileges from a web server. MULTI-SLASH-ENCODING ATTACK This rule normalizes multiple slashes in a row, so something like: "abc/// //////xyz" get normalized to "abc/xyz". NON-RFC-DEFINED-CHAR ATTACK This rule lets you receive a log or alert if certain non-RFC characters are used in a request URI. For instance, you may want to know if there are NULL bytes in the request-URI. NON-RFC-HTTP-DELIMITER ATTACK This is when a newline "\n" character is detected as a delimiter. This is non-standard but is accepted by both Apache and IIS web servers. OVERSIZE-CHUNK-ENCODING ATTACK This rule is an anomaly detector for abnormally large chunk sizes. This picks up the apache chunk encoding exploits and may also be triggered on HTTP tunneling that uses chunk encoding. OVERSIZE-REQUEST-URIDIRECTORY ATTACK This rule takes a non-zero positive integer as an argument. The argument specifies the max character directory length for URL directory. If a URL directory is larger than this argument size, an alert is generated. A good argument value is 300 characters. This should limit the alerts to IDS evasion type attacks, like whisker. SELF-DIRECTORY-TRAVERSAL This rule normalizes self-referential directories. So, "/abc/./xyz" gets ATTACK normalized to "/abc/xyz". U-ENCODING ATTACK This rule emulates the IIS %u encoding scheme. The %u encoding scheme starts with a %u followed by 4 characters, like %uXXXX. The XXXX is a hex encoded value that correlates to an IIS unicode codepoint. This is an ASCII value. An ASCII character is encoded like, %u002f = /, %u002e = ., etc. UTF-8-ENCODING ATTACK The UTF-8 decode rule decodes standard UTF-8 unicode sequences that are in the URI. This abides by the unicode standard and only uses % encoding. Apache uses this standard, so for any Apache servers, make sure you have this option turned on. When this rule is enabled, ASCII decoding is also enabled to enforce correct functioning. UAG715 User's Guide 331

Section	Page
UAG715	1
Contents Overview	3
Table of Contents	5
Introduction	19
1.1 Overview	19
1.1.1 Key Applications	19
1.2 Default Zones, Interfaces, and Ports	21
1.3 Management Overview	22
1.4 Web Configurator	22
1.4.1 Web Configurator Access	23
1.4.2 Web Configurator Screens Overview	23
1.4.3 Navigation Panel	26
1.4.4 Tables and Lists	30
1.5 Stopping the UAG	33
Hardware Installation and Connection	34
2.1 Rack-mounting	34
2.2 Front Panel	35
2.2.1 Front Panel LEDs	36
2.3 Rear Panel	36
Installation Setup Wizard	37
3.1 Installation Setup Wizard Screens	37
3.1.1 Internet Access Setup - WAN Interface	37
3.1.2 Internet Access: Ethernet	38
3.1.3 Internet Access: PPPoE	39
3.1.4 Internet Access: PPTP	41
3.1.5 ISP Parameters	41
3.1.6 Internet Access Setup - Second WAN Interface	42
3.1.7 Internet Access - Finish	43
3.2 Device Registration	44
Quick Setup Wizards	47
4.1 Quick Setup Overview	47
4.2 WAN Interface Quick Setup	47
4.2.1 Choose an Ethernet Interface	48
4.2.2 Select WAN Type	48
4.2.3 Configure WAN Settings	49
4.2.4 WAN and ISP Connection Settings	49
4.2.5 Quick Setup Interface Wizard: Summary	51
4.3 VPN Setup Wizard	52
4.3.1 Welcome	53
4.3.2 VPN Setup Wizard: Wizard Type	53
4.3.3 VPN Express Wizard - Scenario	54
4.3.4 VPN Express Wizard - Configuration	55
4.3.5 VPN Express Wizard - Summary	56
4.3.6 VPN Express Wizard - Finish	56
4.3.7 VPN Advanced Wizard - Scenario	57
4.3.8 VPN Advanced Wizard - Phase 1 Settings	58
4.3.9 VPN Advanced Wizard - Phase 2	59
4.3.10 VPN Advanced Wizard - Summary	60
4.3.11 VPN Advanced Wizard - Finish	61
Dashboard	63
5.1 Overview	63
5.1.1 What You Can Do in this Chapter	63
5.2 The Dashboard Screen	63
5.2.1 The CPU Usage Screen	68
5.2.2 The Memory Usage Screen	68
5.2.3 The Active Sessions Screen	69
5.2.4 The VPN Status Screen	70
5.2.5 The DHCP Table Screen	70
5.2.6 The Number of Login Users Screen	71
Monitor	73
6.1 Overview	73
6.1.1 What You Can Do in this Chapter	73
6.2 The Port Statistics Screen	74
6.2.1 The Port Statistics Graph Screen	75
6.3 Interface Status Screen	76
6.4 The Traffic Statistics Screen	78
6.5 The Session Monitor Screen	80
6.6 The DDNS Status Screen	82
6.7 IP/MAC Binding Monitor	83
6.8 The Login Users Screen	83
6.9 USB Storage Screen	84
6.10 VPN 1-1 Mapping Status	85
6.11 VPN 1-1 Mapping Statistics	86
6.12 The IPSec Monitor Screen	87
6.12.1 Regular Expressions in Searching IPSec SAs	88
6.13 The SSL Connection Monitor Screen	88
6.14 The Content Filter Statistics Screen	89
6.15 Content Filter Cache Screen	91
6.16 Log Screen	93
Registration	97
7.1 Overview	97
7.1.1 What You Can Do in this Chapter	97
7.1.2 What you Need to Know	97
7.2 Registration Screen	98
7.3 Service Screen	100
Interfaces	103
8.1 Interface Overview	103
8.1.1 What You Can Do in this Chapter	103
8.1.2 What You Need to Know	103
8.2 Port Role Screen	106
8.3 Ethernet Summary Screen	107
8.3.1 Ethernet Edit	108
8.3.2 Object References	115
8.4 PPP Interfaces	115
8.4.1 PPP Interface Summary	116
8.4.2 PPP Interface Add or Edit	117
8.5 VLAN Interfaces	121
8.5.1 VLAN Summary Screen	122
8.5.2 VLAN Add/Edit	123
8.6 Bridge Interfaces	128
8.6.1 Bridge Summary	130
8.6.2 Bridge Add/Edit	131
8.7 Virtual Interfaces	136
8.7.1 Virtual Interfaces Add/Edit	136
8.8 Interface Technical Reference	137
Trunks	143
9.1 Overview	143
9.1.1 What You Can Do in this Chapter	143
9.1.2 What You Need to Know	143
9.2 The Trunk Summary Screen	146
9.2.1 Configuring a User-Defined Trunk	148
9.2.2 Configuring the System Default Trunk	150
Policy and Static Routes	153
10.1 Policy and Static Routes Overview	153
10.1.1 What You Can Do in this Chapter	153
10.1.2 What You Need to Know	154
10.2 Policy Route Screen	155
10.2.1 Policy Route Edit Screen	157
10.3 IP Static Route Screen	161
10.3.1 Static Route Add/Edit Screen	162
10.4 Policy Routing Technical Reference	163
Routing Protocols	165
11.1 Routing Protocols Overview	165
11.1.1 What You Can Do in this Chapter	165
11.1.2 What You Need to Know	165
11.2 The RIP Screen	165
11.3 The OSPF Screen	167
11.3.1 Configuring the OSPF Screen	170
11.3.2 OSPF Area Add/Edit Screen	172
11.3.3 Virtual Link Add/Edit Screen	174
11.4 Routing Protocol Technical Reference	174
Zones	177
12.1 Zones Overview	177
12.1.1 What You Can Do in this Chapter	177
12.1.2 What You Need to Know	177
12.2 The Zone Screen	178
12.3 Zone Edit	179
DDNS	181
13.1 DDNS Overview	181
13.1.1 What You Can Do in this Chapter	181
13.1.2 What You Need to Know	181
13.2 The DDNS Screen	182
13.2.1 The Dynamic DNS Add/Edit Screen	183
NAT	187
14.1 NAT Overview	187
14.1.1 What You Can Do in this Chapter	187
14.1.2 What You Need to Know	187
14.2 The NAT Screen	188
14.2.1 The NAT Add/Edit Screen	189
14.3 NAT Technical Reference	191
VPN 1-1 Mapping	195
15.1 VPN 1-1 Mapping Overview	195
15.1.1 What You Can Do in this Chapter	195
15.1.2 What You Need to Know	196
15.2 The VPN 1-1 Mapping Screen	196
15.2.1 The VPN 1-1 Mapping Edit Screen	197
15.3 The VPN 1-1 Mapping Profile Screen	198
HTTP Redirect	201
16.1 Overview	201
16.1.1 What You Can Do in this Chapter	201
16.1.2 What You Need to Know	201
16.2 The HTTP Redirect Screen	202
16.2.1 The HTTP Redirect Edit Screen	203
SMTP Redirect	205
17.1 Overview	205
17.1.1 What You Can Do in this Chapter	205
17.1.2 What You Need to Know	205
17.2 The SMTP Redirect Screen	206
17.2.1 The SMTP Redirect Edit Screen	207
ALG	209
18.1 ALG Overview	209
18.1.1 What You Can Do in this Chapter	209
18.1.2 What You Need to Know	209
18.1.3 Before You Begin	212
18.2 The ALG Screen	212
18.3 ALG Technical Reference	214
IP/MAC Binding	217
19.1 IP/MAC Binding Overview	217
19.1.1 What You Can Do in this Chapter	217
19.1.2 What You Need to Know	217
19.2 IP/MAC Binding Summary	218
19.2.1 IP/MAC Binding Edit	219
19.2.2 Static DHCP Edit	220
19.3 IP/MAC Binding Exempt List	220
Web Authentication	223
20.1 Overview	223
20.1.1 What You Can Do in this Chapter	224
20.1.2 What You Need to Know	224
20.2 Web Authentication Screen	225
20.2.1 Creating/Editing an Authentication Policy	228
20.3 User-aware Access Control Example	230
20.3.1 Set Up User Accounts	230
20.3.2 Set Up User Groups	231
20.3.3 Set Up User Authentication Using the RADIUS Server	231
20.3.4 User Group Authentication Using the RADIUS Server	234
20.4 Endpoint Security (EPS) Example	235
20.4.1 Configure the Endpoint Security Objects	235
20.4.2 Configure the Authentication Policy	237
Firewall	239
21.1 Overview	239
21.1.1 What You Can Do in this Chapter	239
21.1.2 What You Need to Know	239
21.2 The Firewall Screen	242
21.2.1 Configuring the Firewall Screen	242
21.2.2 The Firewall Add/Edit Screen	245
21.3 The Session Limit Screen	246
21.3.1 The Session Limit Add/Edit Screen	247
21.4 Firewall Rule Configuration Example	248
21.5 Firewall Rule Example Applications	250
IPSec VPN	253
22.1 Virtual Private Networks (VPN) Overview	253
22.1.1 What You Can Do in this Chapter	254
22.1.2 What You Need to Know	254
22.1.3 Before You Begin	256
22.2 The VPN Connection Screen	256
22.2.1 The VPN Connection Add/Edit (IKE) Screen	257
22.2.2 The VPN Connection Add/Edit Manual Key Screen	263
22.3 The VPN Gateway Screen	265
22.3.1 The VPN Gateway Add/Edit Screen	266
22.4 IPSec VPN Background Information	272
SSL VPN	285
23.1 Overview	285
23.1.1 What You Can Do in this Chapter	285
23.1.2 What You Need to Know	285
23.2 The SSL Access Privilege Screen	286
23.2.1 The SSL Access Policy Add/Edit Screen	287
23.3 The SSL Global Setting Screen	290
23.3.1 How to Upload a Custom Logo	292
23.4 SSL VPN Example	293
SSL User Screens	295
24.1 Overview	295
24.1.1 What You Need to Know	295
24.2 Remote SSL User Login	296
24.3 The SSL VPN User Screens	299
24.4 Bookmarking the UAG	300
24.5 Logging Out of the SSL VPN User Screens	301
24.6 SSL User Application Screen	301
ZyWALL SecuExtender	303
25.1 The ZyWALL SecuExtender Icon	303
25.2 Status	303
25.3 View Log	304
25.4 Suspend and Resume the Connection	305
25.5 Stop the Connection	305
25.6 Uninstalling the ZyWALL SecuExtender	305
Bandwidth Management	307
26.1 Overview	307
26.1.1 What You Can Do in this Chapter	307
26.1.2 What You Need to Know	307
26.2 The Bandwidth Management Screen	311
26.2.1 The Bandwidth Management Add/Edit Screen	313
ADP	317
27.1 Overview	317
27.1.1 What You Can Do in this Chapter	317
27.1.2 What You Need To Know	317
27.1.3 Before You Begin	318
27.2 The ADP General Screen	318
27.3 The Profile Summary Screen	319
27.3.1 Configuring The ADP Profile Summary Screen	319
27.3.2 Base Profiles	320
27.3.3 Creating New ADP Profiles	321
27.3.4 Traffic Anomaly Profiles	321
27.3.5 Protocol Anomaly Profiles	324
27.3.6 Protocol Anomaly Configuration	324
27.4 ADP Technical Reference	327
Content Filtering	333
28.1 Overview	333
28.1.1 What You Can Do in this Chapter	333
28.1.2 What You Need to Know	333
28.1.3 Before You Begin	334
28.2 Content Filter General Screen	335
28.2.1 Content Filter Policy Add or Edit Screen	337
28.3 Content Filter Profile Screen	338
28.4 Content Filter Category Service Screen	339
28.4.1 Content Filter Blocked and Warning Messages	350
28.5 Content Filter Custom Service Screen	350
28.6 Content Filter Technical Reference	353
User/Group	355
29.1 Overview	355
29.1.1 What You Can Do in this Chapter	355
29.1.2 What You Need To Know	355
29.2 User Summary Screen	357
29.2.1 User Add/Edit Screen	358
29.3 User Group Summary Screen	360
29.3.1 Group Add/Edit Screen	361
29.4 The User/Group Setting Screen	362
29.4.1 Default User Settings Edit Screens	364
29.4.2 User Aware Login Example	365
29.5 User /Group Technical Reference	366
Addresses	368
30.1 Overview	368
30.1.1 What You Can Do in this Chapter	368
30.1.2 What You Need To Know	368
30.2 Address Summary Screen	368
30.2.1 Address Add/Edit Screen	369
30.3 Address Group Summary Screen	370
30.3.1 Address Group Add/Edit Screen	371
Services	373
31.1 Overview	373
31.1.1 What You Can Do in this Chapter	373
31.1.2 What You Need to Know	373
31.2 The Service Summary Screen	374
31.2.1 The Service Add/Edit Screen	375
31.3 The Service Group Summary Screen	376
31.3.1 The Service Group Add/Edit Screen	376
Schedules	378
32.1 Overview	378
32.1.1 What You Can Do in this Chapter	378
32.1.2 What You Need to Know	378
32.2 The Schedule Summary Screen	379
32.2.1 The One-Time Schedule Add/Edit Screen	380
32.2.2 The Recurring Schedule Add/Edit Screen	381
AAA Server	382
33.1 Overview	382
33.1.1 Directory Service (AD/LDAP)	382
33.1.2 RADIUS Server	382
33.1.3 What You Can Do in this Chapter	383
33.1.4 What You Need To Know	383
33.2 Active Directory or LDAP Server Summary	384
33.2.1 Adding an Active Directory or LDAP Server	385
33.3 RADIUS Server Summary	387
33.3.1 Adding a RADIUS Server	388
Authentication Method	390
34.1 Overview	390
34.1.1 What You Can Do in this Chapter	390
34.1.2 Before You Begin	390
34.1.3 Example: Selecting a VPN Authentication Method	390
34.2 Authentication Method Objects	391
34.2.1 Creating an Authentication Method Object	391
Certificates	394
35.1 Overview	394
35.1.1 What You Can Do in this Chapter	394
35.1.2 What You Need to Know	394
35.1.3 Verifying a Certificate	396
35.2 The My Certificates Screen	397
35.2.1 The My Certificates Add Screen	398
35.2.2 The My Certificates Edit Screen	401
35.2.3 The My Certificates Import Screen	404
35.3 The Trusted Certificates Screen	405
35.3.1 The Trusted Certificates Edit Screen	406
35.3.2 The Trusted Certificates Import Screen	409
ISP Accounts	411
36.1 Overview	411
36.1.1 What You Can Do in this Chapter	411
36.2 ISP Account Summary	411
36.2.1 ISP Account Edit	412
SSL Application	414
37.1 Overview	414
37.1.1 What You Can Do in this Chapter	414
37.1.2 What You Need to Know	414
37.1.3 Example: Specifying a Web Site for Access	415
37.2 The SSL Application Screen	416
37.2.1 Creating/Editing an SSL Application Object	417
Endpoint Security	419
38.1 Overview	419
38.1.1 What You Can Do in this Chapter	419
38.1.2 What You Need to Know	420
38.2 Endpoint Security Screen	420
38.3 Endpoint Security Add/Edit	421
System	427
39.1 Overview	427
39.1.1 What You Can Do in this Chapter	427
39.2 Host Name	428
39.3 USB Storage	428
39.4 Date and Time	429
39.4.1 Pre-defined NTP Time Servers List	432
39.4.2 Time Server Synchronization	432
39.5 Console Port Speed	433
39.6 DNS Overview	434
39.6.1 DNS Server Address Assignment	434
39.6.2 Configuring the DNS Screen	434
39.6.3 Address Record	436
39.6.4 PTR Record	436
39.6.5 Adding an Address/PTR Record	436
39.6.6 Domain Zone Forwarder	437
39.6.7 Adding a Domain Zone Forwarder	437
39.6.8 MX Record	438
39.6.9 Adding a MX Record	438
39.6.10 Adding a DNS Service Control Rule	439
39.7 WWW Overview	439
39.7.1 Service Access Limitations	440
39.7.2 System Timeout	440
39.7.3 HTTPS	440
39.7.4 Configuring WWW Service Control	441
39.7.5 Service Control Rules	444
39.7.6 Customizing the WWW Login Page	445
39.7.7 HTTPS Example	449
39.8 SSH	456
39.8.1 How SSH Works	457
39.8.2 SSH Implementation on the UAG	458
39.8.3 Requirements for Using SSH	458
39.8.4 Configuring SSH	458
39.8.5 Secure Telnet Using SSH Examples	459
39.9 Telnet	461
39.9.1 Configuring Telnet	461
39.10 FTP	462
39.10.1 Configuring FTP	462
39.11 SNMP	463
39.11.1 Supported MIBs	464
39.11.2 SNMP Traps	465
39.11.3 Configuring SNMP	465
Log and Report	467
40.1 Overview	467
40.1.1 What You Can Do In this Chapter	467
40.2 Email Daily Report	467
40.3 Log Setting Screens	469
40.3.1 Log Setting Summary	469
40.3.2 Edit System Log Settings	471
40.3.3 Edit Log on USB Storage Setting	473
40.3.4 Edit Remote Server Log Settings	475
40.3.5 Active Log Summary Screen	477
File Manager	481
41.1 Overview	481
41.1.1 What You Can Do in this Chapter	481
41.1.2 What you Need to Know	481
41.2 The Configuration File Screen	483
41.3 The Firmware Package Screen	487
41.4 The Shell Script Screen	489
Diagnostics	492
42.1 Overview	492
42.1.1 What You Can Do in this Chapter	492
42.2 The Diagnostics Screen	492
42.2.1 The Diagnostics Files Screen	493
42.3 The Packet Capture Screen	494
42.3.1 The Packet Capture Files Screen	496
42.4 Core Dump Screen	497
42.4.1 Core Dump Files Screen	497
42.5 The System Log Screen	498
Packet Flow Explore	500
43.1 Overview	500
43.1.1 What You Can Do in this Chapter	500
43.2 The Routing Status Screen	500
43.3 The SNAT Status Screen	505
Reboot	509
44.1 Overview	509
44.1.1 What You Need To Know	509
44.2 The Reboot Screen	509
Shutdown	510
45.1 Overview	510
45.1.1 What You Need To Know	510
45.2 The Shutdown Screen	510
Troubleshooting	511
46.1 Resetting the UAG	519
46.2 Getting More Troubleshooting Help	520
Legal Information	521

Match case Limit results 1 per page

Chapter 27 ADP

UAG715 User’s Guide

331

BARE-BYTE-UNICODING-

ENCODING ATTACK

Bare byte encoding uses non-ASCII characters as valid values in

decoding UTF-8 values. This is NOT in the HTTP standard, as all non-

ASCII values have to be encoded with a %. Bare byte encoding allows

the user to emulate an IIS server and interpret non-standard encodings

correctly.

BASE36-ENCODING ATTACK

This is a rule to decode base36-encoded characters. This rule can detect

attacks where malicious attackers use base36-encoding to encode attack

strings. Attackers may use this method to bypass system parameter

checks in order to get information or privileges from a web server.

DIRECTORY-TRAVERSAL

ATTACK

This rule normalizes directory traversals and self-referential directories.

So, “/abc/this_is_not_a_real_dir/../xyz” get normalized to “/abc/xyz”.

Also, “/abc/./xyz” gets normalized to “/abc/xyz”. If a user wants to

configure an alert, then specify “yes”, otherwise “no”. This alert may give

false positives since some web sites refer to files using directory

traversals.

DOUBLE-ENCODING ATTACK

This rule is IIS specific. IIS does two passes through the request URI,

doing decodes in each one. In the first pass, IIS encoding (UTF-8

unicode, ASCII, bare byte, and %u) is done. In the second pass ASCII,

bare byte, and %u encodings are done.

IIS-BACKSLASH-EVASION

ATTACK

This is an IIS emulation rule that normalizes backslashes to slashes.

Therefore, a request-URI of “/abc\xyz” gets normalized to “/abc/xyz”.

IIS-UNICODE-CODEPOINT-

ENCODING ATTACK

This rule can detect attacks which send attack strings containing non-

ASCII characters encoded by IIS Unicode. IIS Unicode encoding

references the unicode.map file. Attackers may use this method to

bypass system parameter checks in order to get information or privileges

from a web server.

MULTI-SLASH-ENCODING

ATTACK

This rule normalizes multiple slashes in a row, so something like: “abc///

//////xyz” get normalized to “abc/xyz”.

NON-RFC-DEFINED-CHAR

ATTACK

This rule lets you receive a log or alert if certain non-RFC characters are

used in a request URI. For instance, you may want to know if there are

NULL bytes in the request-URI.

NON-RFC-HTTP-DELIMITER

ATTACK

This is when a newline “\n” character is detected as a delimiter. This is

non-standard but is accepted by both Apache and IIS web servers.

OVERSIZE-CHUNK-ENCODING

ATTACK

This rule is an anomaly detector for abnormally large chunk sizes. This

picks up the apache chunk encoding exploits and may also be triggered

on HTTP tunneling that uses chunk encoding.

OVERSIZE-REQUEST-URI-

DIRECTORY ATTACK

This rule takes a non-zero positive integer as an argument. The

argument specifies the max character directory length for URL directory.

If a URL directory is larger than this argument size, an alert is generated.

A good argument value is 300 characters. This should limit the alerts to

IDS evasion type attacks, like whisker.

SELF-DIRECTORY-TRAVERSAL

ATTACK

This rule normalizes self-referential directories. So, “/abc/./xyz” gets

normalized to “/abc/xyz”.

U-ENCODING ATTACK

This rule emulates the IIS %u encoding scheme. The %u encoding

scheme starts with a %u followed by 4 characters, like %uXXXX. The

XXXX is a hex encoded value that correlates to an IIS unicode codepoint.

This is an ASCII value. An ASCII character is encoded like, %u002f = /,

%u002e = ., etc.

UTF-8-ENCODING ATTACK

The UTF-8 decode rule decodes standard UTF-8 unicode sequences that

are in the URI. This abides by the unicode standard and only uses %

encoding. Apache uses this standard, so for any Apache servers, make

sure you have this option turned on. When this rule is enabled, ASCII

decoding is also enabled to enforce correct functioning.

Table 125

HTTP Inspection and TCP/UDP/ICMP Decoders (continued)

LABEL

DESCRIPTION