June 2012: Several probes have been added to the IIS log analyzer
List of violations:
Id Priority Description
QC-IIS999999 BLOCKER Unknown ErrorCode
QC-IIS001002 BLOCKER HTTP Request : cs-uri-stem XSS dangerous request
QC-IIS001003 BLOCKER HTTP Request : cs-uri-query XSS dangerous request
QC-IIS001004 BLOCKER HTTP Request : cs-user-agent XSS dangerous request
QC-IIS001005 BLOCKER HTTP Request : cs-uri-query SQLInjection dangerous request
QC-IIS001026 BLOCKER HTTP Request : empty user-agent
QC-IIS001028 BLOCKER HTTP Request : cs-uri-stem is incorrect
QC-IIS001030 BLOCKER HTTP Request : cs-uri-query is suspicious
QC-IIS001037 BLOCKER HTTP Request : empty user-agent on .aspx cs-uri-stem
QC-IIS001055 BLOCKER HTTP Request : excessive requests from c-ip and uri-stem
QC-IIS001056 BLOCKER HTTP Request : excessive requests from c-ip
QC-IIS001057 BLOCKER HTTP Request : excessive requests from uri-stem
QC-IIS001058 BLOCKER HTTP Request : non UTF-8 request
QC-IIS001059 BLOCKER HTTP Request : excessive requests from uri-stem and http invalid status
QC-IIS001079 BLOCKER HTTP Request : excessive requests from c-ip-empty-user-agent
QC-IIS001092 BLOCKER vtiger php crm simulation attack
QC-IIS001006 MAJOR HTTP Request : cs-username is provided
QC-IIS001007 MAJOR HTTP Request : abnormal user-agent
QC-IIS001008 MAJOR HTTP Request : time-taken too long (>100ms)
QC-IIS001009 MAJOR HTTP Request : time-taken too too long (>200ms)
QC-IIS001010 MAJOR HTTP Request : time-taken excessively too long (>20s)
QC-IIS001011 MAJOR HTTP Request : sc-win32-status is provided
QC-IIS001012 MAJOR HTTP Request : sc-status>=500
QC-IIS001013 MAJOR HTTP Request : sc-win32-status = 64 The specified network name is no longer available
QC-IIS001014 MAJOR HTTP Request : sc-win32-status = d3221225581 = HC000006D User logon has incorrect user name
QC-IIS001015 MAJOR HTTP Request : sc-win32-status = d2148074248 = H80090308 LDAP authentication error
QC-IIS001016 MAJOR HTTP Request : sc-win32-status = 2 The system cannot find the file specified
QC-IIS001017 MAJOR HTTP Request : sc-win32-status = 995 The I/O operation has been aborted
QC-IIS001018 MAJOR HTTP Request : sc-win32-status = d3221226515 = HC0000413 Logon Failure: The machine you are logging onto is protected by an authentication firewall
QC-IIS001019 MAJOR HTTP Request : sc-win32-status = 5 or = d -2147024891= H80070005 Access is denied
QC-IIS001020 MAJOR HTTP Request : sc-win32-status = d2148074252 = H8009030C LDAP authentication error
QC-IIS001021 MAJOR HTTP Request : sc-win32-status = 3 The system cannot find the path specified
QC-IIS001022 MAJOR HTTP Request : sc-win32-status = 4 The system cannot open the file
QC-IIS001023 MAJOR HTTP Request : sc-win32-status = 1236 The network connection was aborted by the local system
QC-IIS001024 MAJOR HTTP Request : sc-win32-status = 121 The semaphore time-out period has expired
QC-IIS001025 MAJOR HTTP Request : sc-win32-status = 22 The device does not recognize the command
QC-IIS001048 MAJOR HTTP Request : sc-win32-status = 123 The file name, directory name, or volume label syntax is incorrect
QC-IIS001052 MAJOR HTTP Request : sc-status=500 and sc-method=GET
QC-IIS001053 MAJOR HTTP Request : sc-status=500 and sc-method=POST
QC-IIS001070 MAJOR HTTP Request : sc-status=500 and sc-method not GET or POST
QC-IIS001071 MAJOR HTTP Request : sc-status=400
QC-IIS001097 MAJOR HTTP Request : sc-win32-status = d2148074254 = SEC_E_NO_CREDENTIALS
QC-IIS001032 MINOR HTTP Request : 404 and empty user-agent
QC-IIS001078 MINOR HTTP Request : 404 and normal user-agent
QC-IIS001034 MINOR HTTP Request : malicious scan attempt libwww-perl
QC-IIS001001 INFO HTTP Request : cs-method other than POST or GET or HEAD
QC-IIS001027 INFO HTTP Request : cs-method is HEAD
QC-IIS999997 INFO Raw LogEntry
QC-IIS999998 INFO Raw error message