We have experienced problems with some different game servers as well as Napster traffic causing the BO2K stealth signatures to fire. These signatures are tuned to look for weaknesses in the encryption technology used in the tool. Unfortunately, although the signature will reliably detect the presence of the BO2K tool being used, certain other network traffic mimics the traffic patterns.
We are constantly including new decision points in the signature to exclude known good traffic patterns from consideration. If you can provide a tcpdump trace of the benign traffic that is firing the alarm, we will add this traffic type to our filter in a future release.