WAF 330034

Rule: 330034
Status: Active
Alert Message: Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected

Description

This rule is triggered when known vulnerability scanners and attack tools attempt to connect to the server. The following tools are detected:

  • nsauditor
  • n-stealth
  • nessus
  • network-services-auditor
  • nikto
  • nmap
  • black window
  • brutus
  • bilbo
  • webinspect
  • webroot
  • pmafind
  • paros
  • pavuk
  • cgichk
  • jasscois
  • NASL scripts
  • metis
  • webtrends security analyzer
  • w3af
  • zemu attack tool
  • springenwerk
  • arachni
  • acunetix
  • havij attack tool

Troubleshooting

False Positives

There are no known false positives with this rule. However, if you find that this rule is triggered for a client that is not using a vulnerability scanner or attack tool, please report this to us using the procedure documented in the Reporting_False_Positives page.

Tuning Guidance

If you wish to allow connections from vulnerability scanners or attack tools, we recommend that you whitelist the source IPs rather than disabling this rule. Please see the Tuning the Atomicorp WAF Rules page for more information.
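The following is an added example, not Atomicorp's rule or code: a log-review sketch that flags the tool names from the Description in access-log User-Agent fields and skips whitelisted source networks, as the Tuning Guidance recommends. Substring matching, the combined log format, the `scanner_hits` helper, and the sample lines and addresses are all assumptions constructed for illustration; the real rule's patterns are not shown on this page.

```python
import ipaddress
import re

# Tool names from the Description, lower-cased. Matching them as plain
# substrings is an assumption; the actual rule signatures are not published here.
SCANNER_TOKENS = [
    "nsauditor", "n-stealth", "nessus", "network-services-auditor", "nikto",
    "nmap", "black window", "brutus", "bilbo", "webinspect", "webroot",
    "pmafind", "paros", "pavuk", "cgichk", "jasscois", "nasl", "metis",
    "webtrends security analyzer", "w3af", "zemu", "springenwerk", "arachni",
    "acunetix", "havij",
]

# Combined log format: client IP first, User-Agent as the last quoted field.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 404 512 "-" "Mozilla/5.00 (Nikto/2.1.6) (Evasions:None) (Test:000001)"',
    '198.51.100.20 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 1043 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"',
    '192.0.2.44 - - [10/Oct/2023:13:56:09 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/118.0"',
    '198.51.100.21 - - [10/Oct/2023:13:57:30 +0000] "GET /login HTTP/1.1" 200 901 "-" "Arachni/v1.5.1"',
]

def scanner_hits(log_lines, allowlist=()):
    """Return (source_ip, matched_tool) for scanner User-Agents, skipping
    any source address inside an allowlisted network."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client field is a hostname, not an address
        if any(ip in net for net in nets):
            continue  # approved scanner source: rule stays on, source is exempt
        ua = m.group(2).lower()
        tool = next((t for t in SCANNER_TOKENS if t in ua), None)
        if tool:
            hits.append((str(ip), tool))
    return hits

if __name__ == "__main__":
    print(scanner_hits(SAMPLE_LOG))
    print(scanner_hits(SAMPLE_LOG, allowlist=["198.51.100.0/24"]))
```

With the approved scanner network exempted, only the unapproved source is still reported, which is the effect of whitelisting the source IPs instead of disabling the rule.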

Additional Information

Similar Rules

None.

Knowledge Base Articles

None.

Outside References

None.
