When the sensor(s) see's what might be a unicode attack and does a tcp reset when it fires, will it reset every port 80 requests going on to the source address?
I have XML requests that are encoded, they look like a possible unicode attack and my Oracle logs state the connection was reset by peer. The IIS/Jrun server is on the outside and the oracle server is in the inside with the sensor setting on the outside with the IIS server.
TCP reset is best effort and sends the reset to any request matching the signature. If the signature configured for RESET is of port 80, then all port 80 requests scanned for the said signature will get resets.
If your think you xml is causing the unicode alarm to fire. Then you may want to disable TCP Resets for that alarm.
If you want to find out if this may be a sensor error. Then use a sniffer to capture a sample session and replay it past a sensor to see if it fires the unicode alarm.
If that session does fire the alarm, then you can contact the TAC and provide them a copy of that session. The TAC can then pass it on to the signature development team. The signature team can then tell you if we have a sensor bug that we can fix, or if your xml looks so much like unicode that we would have to enter it into the NSDB as a benign trigger for that alarm.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...