HTTP unknown protocol (HTTP_Unknown_Protocol)

About this signature or vulnerability

RealSecure Desktop Protector 3.6, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE Agent for Server, BlackICE PC Protection, BlackICE Server Protection, Proventia Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects a three-way handshake on port 80, followed by a non-HTTP-compliant request, followed by a non-HTTP-compliant response.


False negatives

RealSecure Desktop Protector 3.6, Proventia Network IPS, RealSecure Network, RealSecure Server Sensor, BlackICE Agent for Server, BlackICE PC Protection, BlackICE Server Protection, Proventia Desktop, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware: If a tunnelling application uses valid HTTP protocol to deliver content (for example, by using the POST method), then this signature will not trigger.
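The trigger condition and the false negative described above, as an added Python example (not the sensors' own signature logic). The flow dictionary layout, its field names and the sample payloads are constructed for illustration; the syntax checks follow the HTTP/1.1 request-line and status-line grammar.

```python
import re

# Request line: method SP request-target SP HTTP-version CRLF
REQUEST_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+ \S+ HTTP/\d\.\d\r?\n")
# Status line: HTTP-version SP 3DIGIT [SP reason-phrase] CRLF
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}(?: [^\r\n]*)?\r?\n")

def http_unknown_protocol(flow):
    """Return True when a flow matches the condition the signature describes.

    `flow` is a hypothetical record: destination port, whether the TCP
    handshake completed, and the first payload seen in each direction.
    """
    if flow["dst_port"] != 80 or not flow["handshake_complete"]:
        return False
    client, server = flow["client_first"], flow["server_first"]
    if not client or not server:
        return False  # both directions are needed before deciding
    # Both sides must be non-compliant; one malformed request that the
    # server answers with a normal HTTP error does not count.
    return not REQUEST_LINE.match(client) and not STATUS_LINE.match(server)

# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = {
    "plain_http": {
        "dst_port": 80, "handshake_complete": True,
        "client_first": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "server_first": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"},
    "other_protocol_on_80": {
        "dst_port": 80, "handshake_complete": True,
        "client_first": b"SSH-2.0-client_constructed\r\n",
        "server_first": b"SSH-2.0-server_constructed\r\n"},
    "tunnel_inside_valid_post": {  # the documented false negative
        "dst_port": 80, "handshake_complete": True,
        "client_first": b"POST /up HTTP/1.1\r\nHost: example.test\r\n"
                        b"Content-Length: 4\r\n\r\n\x00\x01\x02\x03",
        "server_first": b"HTTP/1.1 200 OK\r\nContent-Length: 4\r\n\r\n\x04\x05\x06\x07"},
    "bad_request_rejected_by_server": {
        "dst_port": 80, "handshake_complete": True,
        "client_first": b"\x16\x03\x01\x00\x05hello",
        "server_first": b"HTTP/1.1 400 Bad Request\r\n\r\n"},
}

def triggered_names(flows=SAMPLE_FLOWS):
    """Names of the flows that would raise the event, in sorted order."""
    return sorted(name for name, f in flows.items() if http_unknown_protocol(f))

if __name__ == "__main__":
    print(triggered_names())
```

Catching the POST-based tunnel needs a different control, such as inspecting message bodies or proxy logs, because its framing is valid HTTP.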

Default risk level

Low

Sensors that have this signature

RealSecure Desktop Protector 3.6: eok, RealSecure Desktop: eok, Proventia Network IPS: XPU 1.50, RealSecure Network: XPU 24.11, RealSecure Server Sensor: XPU 24.11, BlackICE Agent for Server: 3.6eok, BlackICE PC Protection: 3.6cpa, BlackICE Server Protection: 3.6.cpa, Proventia Desktop: 8.0.614.8, Proventia Network IDS: XPU 24.11, Proventia-G 1.1 and earlier: XPU 24.11, Proventia Network MFS: XPU 1.50, IBM Security Server Protection for Windows: 1.0.914.0, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for VMware: 1.0

Systems affected

IETF HTTP/1.1

Type

Protocol Signature

Vulnerability description

HTTP (port 80) can be used to tunnel unwanted traffic through firewalls. Traffic on port 80 that is not HTTP compliant has been detected.

How to remove this vulnerability

This event is for informational purposes only.

References

ISS X-Force
HTTP unknown protocol
http://www.iss.net/security_center/static/21259.php