Difference between revisions of "WAF 330034"
From Atomicorp Wiki
(Created page with "{{Infobox |header1= Rule 330034 |label2 = Status |data2 = Active |label3 = Alert Message |data3 = Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected }} = Des...") |
Latest revision as of 12:24, 3 September 2013
| Rule 330034 | |
|---|---|
| Status | Active |
| Alert Message | Atomicorp.com WAF Rules: Vulnerability Scanner User agent detected |
Contents |
[edit] Description
This rule is triggered when known vulnerability scanners and attack tools attempt to connect to the server. The following tools are detected:
- nsauditor
- n-stealth
- nessus
- network-services-auditor
- nikto
- nmap
- black window
- brutus
- bilbo
- webinspect
- webroot
- pmafind
- paros
- pavuk
- cgichk
- jasscois
- NASL scripts
- metis
- webtrends security analyzer
- w3af
- zemu attack tool
- springenwerk
- arachni
- acunetix
- havij attack tool
[edit] Troubleshooting
[edit] False Positives
There are no known false positives with this rule, however if you find that this rule is triggered for a client that is not using a vulnerability scanner or attack tool please report this to us using the procedure documented in the Reporting_False_Positives page.
[edit] Tuning Guidance
If you wish to allow connections from vulnerability scanners or attack tools we recommend you whitelist the source IPs as opposed to disabling this rule. Please see the Tuning the Atomicorp WAF Rules page for more information.
[edit] Additional Information
[edit] Similar Rules
None.
[edit] Knowledge Base Articles
None.
[edit] Outside References
None.
