HTTP unknown protocol (HTTP_Unknown_Protocol)

About this signature or vulnerability

Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, BlackICE Agent for Server, RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection:

This signature detects a TCP three-way handshake on port 80, followed by a non-HTTP-compliant request and then a non-HTTP-compliant response.


False negatives

Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, BlackICE Agent for Server, RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection:

If a tunnelling application uses valid HTTP protocol to deliver content (for example, by using the POST method), then this signature will not trigger.
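
A minimal sketch of the check this signature describes, added here as an illustration and not the vendor's implementation. The flow record fields (`dst_port`, `handshake_complete`, `client_first`, `server_first`), the regular expressions and the sample flows are constructed assumptions; the POST sample shows the false negative described above.

```python
import re

# Request line: method token, SP, request-target, SP, HTTP-version (assumed RFC 7230 framing)
REQUEST_LINE = re.compile(rb"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+ [^ \r\n]+ HTTP/\d\.\d\r?\n")
# Status line: HTTP-version, SP, three-digit status code, optional reason phrase
STATUS_LINE = re.compile(rb"^HTTP/\d\.\d \d{3}(?: [^\r\n]*)?\r?\n")

def is_http_request(payload: bytes) -> bool:
    return REQUEST_LINE.match(payload) is not None

def is_http_response(payload: bytes) -> bool:
    return STATUS_LINE.match(payload) is not None

def unknown_protocol(flow: dict) -> bool:
    """True only when an established port-80 flow has a non-HTTP first
    request AND a non-HTTP first response, as the signature requires."""
    if flow["dst_port"] != 80 or not flow["handshake_complete"]:
        return False
    return (not is_http_request(flow["client_first"])
            and not is_http_response(flow["server_first"]))

def scan(flows: list) -> list:
    """Return the names of flows that would raise the event."""
    return [f["name"] for f in flows if unknown_protocol(f)]

# Constructed sample flows (hypothetical data, not captured traffic)
SAMPLE_FLOWS = [
    {"name": "ssh-on-80", "dst_port": 80, "handshake_complete": True,
     "client_first": b"SSH-2.0-client\r\n", "server_first": b"SSH-2.0-server\r\n"},
    {"name": "plain-get", "dst_port": 80, "handshake_complete": True,
     "client_first": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
     "server_first": b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"},
    # Tunnel wrapped in a valid POST: framing is compliant, so no event (false negative)
    {"name": "post-tunnel", "dst_port": 80, "handshake_complete": True,
     "client_first": b"POST /t HTTP/1.1\r\nContent-Length: 4\r\n\r\n\x00\x01\x02\x03",
     "server_first": b"HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\n\x04\x05"},
    # Non-HTTP request answered by a real web server: response is compliant, no event
    {"name": "rejected-probe", "dst_port": 80, "handshake_complete": True,
     "client_first": b"\x16\x03\x01\x00\x05hello",
     "server_first": b"HTTP/1.1 400 Bad Request\r\n\r\n"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_FLOWS))
```
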

Default risk level

Low

Sensors that have this signature

Proventia-G 1.1 and earlier: XPU 24.11, Proventia Network MFS: XPU 1.50, Proventia Server IPS for Linux technology: 1.0, Proventia Desktop: 8.0.614.8, Proventia Network IPS: XPU 1.50, BlackICE Agent for Server: 3.6eok, RealSecure Server Sensor: XPU 24.11, RealSecure Network: XPU 24.11, BlackICE PC Protection: 3.6cpa, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE Server Protection: 3.6.cpa

Systems affected

Microsoft Windows 98, Novell NetWare, SCO SCO Unix, Microsoft Windows NT: 4.0, Data General DG/UX, SGI IRIX, Linux Kernel, Sun Solaris, WindRiver BSDOS, HP HP-UX, IBM AIX, IBM OS2, Microsoft Windows 95, Microsoft Windows Me, Cisco IOS, Microsoft Windows 98SE, Microsoft Windows 2000, Apple Mac OS, Compaq Tru64, Microsoft Windows XP, Microsoft Windows 2003 Server

Type

Protocol Signature

Vulnerability description

HTTP (port 80) can be used to tunnel unwanted traffic through firewalls. A remote attacker could exploit this vulnerability to bypass the security of the firewall. Traffic on port 80 that is not HTTP compliant has been detected.

How to remove this vulnerability

This event is for informational purposes only.

References

ISS X-Force
HTTP unknown protocol
http://www.iss.net/security_center/static/21259.php