What security events can the LANGuardian detect?

  • Question
  • Updated 8 years ago
  • Answered
What different types of security events can the LANGuardian detect?

NetFort

  • 182 Posts
  • 2 Reply Likes

Posted 8 years ago

NetFort

Official Response
Machines acting as Mail Servers (Possible SPAM), Network File Access, Machines or Services down, HTTP Web Access, Machines successfully Attacked, Malformed Network Traffic, Chat Applications on the Network, Old IDS Signatures, Emails with Attachments, Finger Application in Use, Attacks against an FTP service, Gaming applications being attacked, Miscellaneous ICMP Traffic, Informative ICMP Traffic, IMAP applications being attacked, Miscellaneous Network Events, Multimedia application on the Network, MYSQL Traffic on the Network, NNTP Service being attacked, Oracle Service being attacked, IDS Generating Traffic, POP2 Service being exploited, POP3 Service being exploited, Porn Sites being accessed on the Network, RPC Service being exploited, Rservices active on Network, Machines scanning the Network, Shellcode attacks, SIP Protocol attacks, SMTP Service being attacked, SNMP Service being attacked, Attackers using Targeted Attacks, Spyware on the Network, SQL Injection attack, Telnet service being exploited, TFTP Service being exploited, Attacks Targeted at Universities, HTTP Attacks, Attacks against HTTP CGI Scripts, Attacks against HTTP Coldfusion attacks, Denial of Service attacks against Webservers, Attacks against Frontpage Scripts, Attacks against IIS Servers, Attacks against PHP Scripts, X11 Machines being attacked, Machines using backdoor tools, Web browser attacks, Machines generating Distributed Denial of Service Attacks, Attacks against web servers, Microsoft Machines being exploited via Windows RPC, Machines sending Mail Viruses, Machines being exploited, Machines Using Peer to Peer Applications, Machines Violating Acceptable Use Policy, Machines Visiting Forbidden URLs, Machines Transmitting Excessive Amounts of traffic, Machines Port scanning, Machines scanning the network, Machines Exploiting SQL Servers, Machines generating Denial of Service Attacks, New Machines on the Network, Machines exploiting DNS servers, Misc network events.

The anomaly detection engine (snoopy) alerts on the following types of events.

netscans worm detection reconnaissance scanning probing portscans traffic volume overflows (bottlenecks, congestion), Spyware infected machines, new devices on the network (e.g. rogue DHCP), SPAM detection (any machines on

Also

  • Service Profiling, enabling detection of rogue services
  • P2P Detection
  • Users downloading malware via HTTP