
DefensePro index attacks type https://support.radware.com/app/answers/answer_view/a_id/15908/~/de...

Check the DefensePro User Guide for the most up-to-date list of Attack-Protection IDs for the DefensePro version you are using.

This list is relevant for DefensePro version 8.24.0

| ID Number or Range | Attack-Protection Name (for Reporting) | Category | Default Risk | Default Action | Report Action | Description |
| --- | --- | --- | --- | --- | --- | --- |
| 8 | Blocklist | Access | | | | Blocklist access violation. |
| 9 | Allowlist | N/A | | | | Allowlist occurrences are not reported as security events. |
| 70 | Network flood IPv4 UDP | Behavioral-DoS | | | | Network flood IPv4 UDP. |
| 71 | Network flood IPv4 ICMP | Behavioral-DoS | | | | Network flood IPv4 ICMP. |
| 72 | Network flood IPv4 IGMP | Behavioral-DoS | | | | Network flood IPv4 IGMP. |
| 73 | Network flood IPv4 TCP-SYN | Behavioral-DoS | | | | Network flood IPv4 TCP with SYN flag. |
| 74 | Network flood IPv4 TCP-RST | Behavioral-DoS | | | | Network flood IPv4 TCP with RST flag. |
| 76 | Network flood IPv4 TCP-PSH | Behavioral-DoS | | | | Network flood IPv4 TCP with PSH flag. |
| 77 | Network flood IPv4 TCP-FIN | Behavioral-DoS | | | | Network flood IPv4 TCP with FIN flag. |
| 78 | Network flood IPv4 TCP-SYN-ACK | Behavioral-DoS | | | | Network flood IPv4 TCP with SYN and ACK flags. |
| 79 | Network flood IPv4 TCP-FRAG | Behavioral-DoS | | | | Network flood IPv4 TCP with FRAG flag. |
| 80 | Network flood IPv6 UDP | Behavioral-DoS | | | | Network flood IPv6 UDP. |
| 81 | Network flood IPv6 ICMP | Behavioral-DoS | | | | Network flood IPv6 ICMP. |
| 83 | Network flood IPv6 TCP-SYN | Behavioral-DoS | | | | Network flood IPv6 TCP with SYN flag. |
| 84 | Network flood IPv6 TCP-RST | Behavioral-DoS | | | | Network flood IPv6 TCP with RST flag. |
| 86 | Network flood IPv6 TCP-PSH | Behavioral-DoS | | | | Network flood IPv6 TCP with PSH flag. |
| 87 | Network flood IPv6 TCP-FIN | Behavioral-DoS | | | | Network flood IPv6 TCP with FIN flag. |
| 88 | Network flood IPv6 TCP-SYN-ACK | Behavioral-DoS | | | | Network flood IPv6 TCP with SYN and ACK flags. |
| 89 | Network flood IPv6 TCP-FRAG | Behavioral-DoS | | | | Network flood IPv6 TCP with FRAG flag. |
| 90 | Network flood IPv4 UDP-FRAG | Behavioral-DoS | | | | Network flood IPv4 UDP with FRAG flag. |
| 91 | Network flood IPv6 UDP-FRAG | Behavioral-DoS | | | | Network flood IPv6 UDP with FRAG flag. |
| 100 | Unrecognized L2 Format | Anomalies | Low | No-report | Process | Unrecognized L2 format. |
| 103 | Incorrect IPv4 checksum | Anomalies | Low | Block | Bypass | Incorrect IPv4 checksum. |
| 104 | Invalid IPv4 Header or Total Length | Anomalies | Low | Block | Bypass | Invalid IPv4 header or total length. |
| 105 | TTL Less Than or Equal to 1 | Anomalies | Low | Report | Process | TTL less than or equal to 1. |
| 107 | Inconsistent IPv6 Headers | Anomalies | Low | Block | Bypass | Inconsistent IPv6 headers. |
| 108 | IPv6 Hop Limit Reached | Anomalies | Low | Report | Process | IPv6 hop limit reached. |
| 110 | Unsupported L4 Protocol | Anomalies | Low | No-report | Process | Unsupported L4 protocol. |
| 113 | Invalid TCP Flags | Anomalies | Low | Block | Bypass | Invalid TCP flags. |
| 119 | Source or Dest Address same as Local Host | Anomalies | Low | Block | Bypass | Source or destination IP address same as local host. |
| 120 | Source Address same as Dest Address (Land Attack) | Anomalies | Low | Block | Bypass | Source IP address same as destination IP address (Land Attack). The common vulnerability enumerator (CVE) for this signature is CVE-1999-0016. |
| 125 | L4 Source or Dest Port Zero | Anomalies | Low | Block | Bypass | Layer 4 source or destination port is zero. |
| 126 | Incorrect GRE Version | Anomalies | Low | Report | Bypass | Matches packets whose GRE version is not 0 or 1. |
| 128 | Invalid GRE Header | Anomalies | Low | Report | Bypass | Matches packets where one or more flags are not RFC compliant or there are partial or sliced packets. |
| 131 | Invalid L4 Header Length | Anomalies | Low | Block | Bypass | Invalid L4 header length. |
| 240 | TCP Out-of-State | Anomalies | | | | TCP Out-of-State floods. |
| 350 | SCAN_TCP_SCAN | Anti Scan | | | | TCP scanning attempt. |
| 351 | SCAN_UDP_SCAN | Anti Scan | | | | UDP scanning attempt. |
| 352 | SCAN_ICMP_SCAN | Anti Scan | | | | ICMP scanning attempt. |
| 450 | DNS flood IPv4 DNS-A | DNS-Protection | | | | DNS A query flood over IPv4. |
| 451 | DNS flood IPv4 DNS-MX | DNS-Protection | | | | DNS MX query flood over IPv4. |
| 452 | DNS flood IPv4 DNS-PTR | DNS-Protection | | | | DNS PTR query flood over IPv4. |
| 453 | DNS flood IPv4 DNS-AAAA | DNS-Protection | | | | DNS AAAA query flood over IPv4. |
| 454 | DNS flood IPv4 DNS-Text | DNS-Protection | | | | DNS Text query flood over IPv4. |
| 455 | DNS flood IPv4 DNS-SOA | DNS-Protection | | | | DNS SOA query flood over IPv4. |
| 456 | DNS flood IPv4 DNS-NAPTR | DNS-Protection | | | | DNS NAPTR query flood over IPv4. |
| 457 | DNS flood IPv4 DNS-SRV | DNS-Protection | | | | DNS SRV query flood over IPv4. |
| 458 | DNS flood IPv4 DNS-Other | DNS-Protection | | | | DNS Other queries flood over IPv4. |
| 459 | DNS flood IPv4 DNS-ALL | DNS-Protection | | | | DNS query flood over IPv4. |
| 460 | DNS flood IPv6 DNS-A | DNS-Protection | | | | DNS A query flood over IPv6. |
| 461 | DNS flood IPv6 DNS-MX | DNS-Protection | | | | DNS MX query flood over IPv6. |
| 462 | DNS flood IPv6 DNS-PTR | DNS-Protection | | | | DNS PTR query flood over IPv6. |
| 463 | DNS flood IPv6 DNS-AAAA | DNS-Protection | | | | DNS AAAA query flood over IPv6. |
| 464 | DNS flood IPv6 DNS-Text | DNS-Protection | | | | DNS Text query flood over IPv6. |
| 465 | DNS flood IPv6 DNS-SOA | DNS-Protection | | | | DNS SOA query flood over IPv6. |
| 466 | DNS flood IPv6 DNS-NAPTR | DNS-Protection | | | | DNS NAPTR query flood over IPv6. |
| 467 | DNS flood IPv6 DNS-SRV | DNS-Protection | | | | DNS SRV query flood over IPv6. |
| 468 | DNS flood IPv6 DNS-Other | DNS-Protection | | | | DNS Other queries flood over IPv6. |
| 469 | DNS flood IPv6 DNS-ALL | DNS-Protection | | | | DNS query flood over IPv6. |
| 470 | DNS RFC-compliance violation | DNS-Protection | Low | Drop | | DNS RFC-compliance violation for DNS queries. |
| 700 | HTTPS Flood protection | Https | | | | HTTPS Flood Protection defends against HTTPS-flood attacks that send malicious HTTPS requests to protected HTTPS servers. |
| 720 | SYN Flood protection | | High | According to policy Action | | Start, ongoing, and termination of attacks per protection policy. |
| 727 | SYN Protect full table | | Medium | According to policy Action | | Used when the SYN Flood Protection table is full and the module cannot handle more concurrent authentication processes. New verified ACK (or data) packets will be discarded as long as the table is full. |
| 800 | GEO Protection | GeoFeed | | | | Geolocation protection blocks all traffic from selected geolocations. Customers can configure specific permanently blocked locations or use the Geolocation Map to temporarily block traffic from selected geolocations. |
| 1282 | EAAF Protection | ErtFeed | | | | ERT Active Attackers Feed (EAAF) profiles use the EAAF subscription service to identify and block source IP addresses involved in major attacks in real-time to provide preemptive protection from known attackers. |
| 1,000 - 100,000 | DoS Shield signatures or intrusion-protection signatures | DoS | | | | Range for signatures, from the Security Operations Center (SOC) signature file. Odd ID numbers are DoS shield signatures. Even ID numbers are Intrusion signatures. |
| 200,000 | HTTP | SynFlood | Medium | According to policy Action | | Predefined HTTP-SYN-flood attack protection. |
| 200,001 | HTTPS | SynFlood | Medium | According to policy Action | | Predefined HTTPS-SYN-flood attack protection. |
| 200,002 | RTSP | SynFlood | Medium | According to policy Action | | Predefined RTSP-SYN-flood attack protection. |
| 200,003 | FTP_CTRL | SynFlood | Medium | According to policy Action | | Predefined FTP_CTRL-SYN-flood attack protection. |
| 200,004 | POP3 | SynFlood | Medium | According to policy Action | | Predefined POP3-SYN-flood attack protection. |
| 200,005 | IMAP | SynFlood | Medium | According to policy Action | | Predefined IMAP-SYN-flood attack protection. |
| 200,006 | SMTP | SynFlood | Medium | According to policy Action | | Predefined SMTP-SYN-flood attack protection. |
| 200,007 | TELNET | SynFlood | Medium | According to policy Action | | Predefined TELNET-SYN-flood attack protection. |
| 200,008 | RPC | SynFlood | Medium | According to policy Action | | Predefined RPC-SYN-flood attack protection. |
| 300,000 - 449,999 | User-defined custom signatures | DoS | | | | Range for user-defined protections. The device generates the ID number sequentially when the user creates the signature. |
| 450,000 - 475,000 | User-defined Connection Limit protections | DoS | | | | Range for user-defined Connection Limit protections. The device generates the ID number sequentially when the user creates the protection. |
| 500,000 - 599,999 | User-defined SYN-flood protections | SYNFlood | Low | According to policy Action | | Range for user-defined SYN-flood protections. The device generates the ID number sequentially when the user creates the protection. |
| 600,000 - 675,000 | User-defined Connection PPS protections | DoS | | | | Range for user-defined Connection PPS / Connection PPS Limit protections. The device generates the ID number sequentially when the user creates the protection. |
| 700,000 - 1,000,000 | User-defined Traffic Filters | Traffic Filters | High | Drop | | Range for user-defined Traffic Filters. The device generates the ID number sequentially when the user creates the Traffic Filter. |
