Cisco Cisco FirePOWER Appliance 8250
25-14
FireSIGHT System User Guide
Chapter 25 Using Application Layer Preprocessors
Detecting Exploits in DNS Name Server Responses
• To test whether specified ports carry DCE/RPC traffic and continue processing when they do, select or clear the check box next to an auto-detection transport and, optionally, add or delete ports for the transport.
Select one or any combination of RPC over HTTP Server Auto-Detect Ports, TCP Auto-Detect Ports, and UDP Auto-Detect Ports for a Windows policy.
Note that you would rarely, if ever, select RPC over HTTP Proxy Auto-Detect Ports or SMB Auto-Detect Ports.
Typically, specify a port range from 1025 to 65535 for auto-detection ports that you enable to cover the entire range of ephemeral ports. See , and for more information.
See for more information.
Step 8  Optionally, click Configure Rules for DCE/RPC Configuration at the top of the page to display rules associated with individual options.
Click Back to return to the DCE/RPC Configuration page.
Step 9  Save your policy, continue editing, discard your changes, revert to the default configuration settings in the base policy, or exit while leaving your changes in the system cache. See the table for more information.
Detecting Exploits in DNS Name Server Responses
License: Protection
The DNS preprocessor inspects DNS name server responses for the following specific exploits:
• Overflow attempts on RData text fields
• Obsolete DNS resource record types
• Experimental DNS resource record types
Understanding DNS Preprocessor Resource Record Inspection
License: Protection
The most common type of DNS name server response provides one or more IP addresses that correspond to domain names in the query that prompted the response. Other types of server responses provide, for example, the destination for an email message or the location of a name server that can provide information not available from the server originally queried.
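The three checks listed for the DNS preprocessor can be illustrated with a small resource record walker. This is an added example, not the preprocessor's own logic or code from the guide: the obsolete and experimental type numbers are taken from RFC 1035, the TXT check (a character-string length byte that runs past RDLENGTH) is an assumed simplification of an RData text overflow attempt, and the names inspect_response, rr and SAMPLE are hypothetical.

```python
import struct

OBSOLETE = {3: "MD", 4: "MF"}          # RR type numbers per RFC 1035, section 3.2.2
EXPERIMENTAL = {7: "MB", 8: "MG", 9: "MR", 10: "NULL"}

def skip_name(msg, off):
    """Return the offset just past a domain name (labels or a pointer)."""
    while off < len(msg):
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + n
    raise ValueError("name runs past end of message")

def inspect_response(msg):
    """Return [(rr_index, finding)] for one DNS message; [] for queries."""
    _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    if not flags & 0x8000:            # QR bit clear: not a response
        return []
    off, findings = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # skip QTYPE + QCLASS
    for i in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        if end > len(msg):
            findings.append((i, "RDLENGTH runs past end of message"))
            break
        if rtype in OBSOLETE:
            findings.append((i, "obsolete type " + OBSOLETE[rtype]))
        elif rtype in EXPERIMENTAL:
            findings.append((i, "experimental type " + EXPERIMENTAL[rtype]))
        elif rtype == 16:             # TXT: walk <length><text> character-strings
            p = off
            while p < end:
                p += 1 + msg[p]
            if p != end:
                findings.append((i, "TXT string length exceeds RDLENGTH"))
        off = end
    return findings

def rr(rtype, rdata):                 # constructed RR; owner name points to offset 12
    return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, 60, len(rdata)) + rdata

# Constructed sample response: one question, four answer records
SAMPLE = (struct.pack("!6H", 0x1234, 0x8180, 1, 4, 0, 0)
          + b"\x07example\x04test\x00" + struct.pack("!HH", 16, 1)
          + rr(16, b"\x02ok") + rr(16, b"\x09abc") + rr(3, b"\x00") + rr(10, b"xy"))
```

Calling inspect_response(SAMPLE) reports the second TXT record, the MD record and the NULL record, and leaves the well-formed TXT record unflagged.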