RealSecure Desktop Protector 3.6, BlackICE Agent for Server, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IDS, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection:
This signature detects a simple NOOP sled in an 'unescape()' JavaScript function.
BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IDS, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection: A false positive is possible when the patterns matched by this signature are used legitimately, typically in environments where Unicode is used heavily and is also formatted using 'unescape' functions.
BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Desktop, Proventia Network IDS, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection: This signature is easily evadable through clever obfuscation.
High
RealSecure Desktop Protector 3.6: epc, RealSecure Desktop: epc, BlackICE Agent for Server: 3.6epc, BlackICE PC Protection: 3.6cpc, RealSecure Server Sensor: XPU 24.32, RealSecure Network: XPU 24.32, Proventia Desktop: 8.0.675.1710, Proventia Network IDS: XPU 24.32, Proventia Server IPS for Linux technology: 1.0, Proventia Network IPS: XPU 1.71, Proventia-G 1.1 and earlier: XPU 24.32, Proventia Network MFS: XPU 1.71, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1710, BlackICE Server Protection: 3.6.cpc
IBM AIX, WindRiver BSDOS, HP HP-UX, SGI IRIX, Linux Kernel, Sun Solaris, IBM OS2, Microsoft Windows 95, Data General DG/UX, Microsoft Windows NT: 4.0, Microsoft Windows 98, SCO SCO Unix, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Compaq Tru64, Microsoft Windows XP, Apple Mac OS, Microsoft Windows 2003 Server
Unauthorized Access Attempt
A large quantity of NO-OP instructions has been detected. This may indicate an attempt to overflow a buffer by padding the request with a large number of NO-OP instructions. A successful attempt could cause a denial of service or allow arbitrary code to be executed on the system.
Verify that all current patches have been applied and the latest software versions have been installed on the system.
Internet Security Systems Protection Alert April 11, 2006
Cumulative Security Update for Internet Explorer
http://xforce.iss.net/xforce/alerts/id/220
Internet Security Systems Protection Alert October 3, 2006
Vulnerability in Windows Shell Could Allow Remote Code Execution
http://xforce.iss.net/xforce/alerts/id/238
ISS X-Force
NO-OP large quantity of instructions have been detected
http://www.iss.net/security_center/static/15747.php