AIM
|
Maximum header length–Raises
a protocol anomaly if IDP detects a header containing more bytes than
the specified maximum. The default is 10,000 bytes.
|
Maximum type-length-value length–Raises a protocol anomaly if IDP detects an AIM/ICQ type-length-value
(TLV) containing more bytes than the specified maximum. A TLV is a
tuple used for passing typed information to the protocol. The default
is 8000 bytes.
|
Maximum inter-client-message-block length–Raises a protocol anomaly if IDP detects an AIM/ICQ inter-client-message-block
(ICMB) containing more bytes than the specified maximum. The default
is 2000 bytes.
|
Maximum filename length–Raises
a protocol anomaly if IDP detects an AIM/ICQ file name containing
more bytes than the specified maximum. The default is 10,000 bytes.
|
DHCP
|
Check to see if the source port of client's
packets is 68—Raises a protocol anomaly if IDP detects
DHCP traffic that originates from a port other than 68. This setting
is not enabled by default.
|
DNS
|
Report unknown DNS parameters (high noise)–Detects and reports unknown DNS parameters.
You must also configure an IDP rulebase rule to detect DNS anomalies.
This setting is not enabled by default.
|
Report unexpected DNS parameters (high
noise) –Detects and reports unexpected DNS parameters.
This setting is not enabled by default.
You must also configure an IDP rulebase rule to detect DNS anomalies.
|
Maximum length of a DNS UDP packet –Raises a protocol anomaly if IDP detects a DNS UDP packet
containing more bytes than the specified maximum. The default is 512
bytes.
|
Maximum size of a NXT resource record –Raises a protocol anomaly if IDP detects an NXT resource
record in a DNS request or response message of a greater size. The
default is 4096 bytes.
This setting tunes the following protocol anomaly attack object:
DNS_BIND_NXT_OVERFLOW (key is DNS:OVERFLOW:NXT-OVERFLOW).
|
Maximum time of a dns cache –Controls
the maximum amount of time for a DNS query and reply. The default
is 60 seconds.
|
Maximum number of logs in a session –Controls the maximum number of DNS queries kept to match
a reply. The default is 1000 queries.
|
FTP
|
Maximum Line length–Raises
a protocol anomaly if IDP detects an FTP username containing more
bytes than the specified maximum. The default is 32 bytes.
|
Maximum Username length–Raises
a protocol anomaly if IDP detects an FTP password containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum Password length –Raises
a protocol anomaly if IDP detects an FTP pathname containing more
bytes than the specified maximum. The default is 512 bytes.
|
Maximum Pathname length –Raises
a protocol anomaly if IDP detects an FTP pathname containing more
bytes than the specified maximum. The default is 512 bytes.
|
Maximum Sitestring length –Raises
a protocol anomaly if IDP detects an FTP sitestring containing more
bytes than the specified maximum. The default is 512 bytes.
|
Maximum number of login failures per-minute–Raises a protocol anomaly if IDP detects more FTP login failures
in one minute than the specified maximum. The default is 4 FTP login
failures per minute.
|
GNUTELLA
|
Maximum TTL hops–Raises a
protocol anomaly if IDP detects a number of TTL hops that is higher
than the specified maximum. The default is 8 TTL hopes.
|
Maximum Line length–Raises
a protocol anomaly if IDP detects, in a Gnutella connection, a line
that contains more bytes than the specified maximum. The default is
2048 bytes.
|
Maximum Query size–Raises
a protocol anomaly if IDP detects a Gnutella client query that contains
more bytes than the specified maximum. The default is 256 bytes.
|
GOPHER
|
Maximum line length–Raises
a protocol anomaly if IDP detects, in a Gopher server-to-client connection,
a line sent by a Gopher server to a client that contains more bytes
than the specified maximum. The default is 512 bytes.
|
Maximum hostname length–Raises
a protocol anomaly if IDP detects, in a Gopher server-to- client connection,
a hostname that contains more bytes than the specified maximum. The
default is 64 bytes.
|
HTTP
|
Maximum Request length–Raises
a protocol anomaly if IDP detects an HTTP request that contains more
bytes than the specified maximum. The default is 8192 bytes.
|
Maximum Header length–Raises
a protocol anomaly if IDP detects an HTTP header that contains more
bytes than the specified maximum. The default is 8192 bytes.
|
Maximum Cookie length –Raises
a protocol anomaly if IDP detects a cookie that contains more bytes
than the specified maximum. The default is 8192 bytes.
Cookies that exceed the cookie length setting can match the
protocol anomaly ”r;HTTP-HEADER-OVERFLOW” and produce
unnecessary log records. If you are getting too many log records for
the HTTP-HEADER-OVERFLOW protocol anomaly, increase the maximum cookie
length.
|
Maximum Authorization length–Raises
a protocol anomaly if IDP detects an HTTP header authorization line
that contains more bytes than the specified maximum. The default is
512 bytes.
Use this setting to tune results from the Auth Overflow attack
object (key is HTTP:OVERFLOW:AUTH-OVFLW).
|
Maximum Content-type length–Raises
a protocol anomaly if IDP detects an HTTP header content-type that
contains more bytes than the specified maximum. The default is 512
bytes.
|
Maximum User-agent length–Raises
a protocol anomaly if IDP detects an HTTP header user-agent that contains
more bytes than the specified maximum. The default is 256 bytes.
|
Maximum Host length–Raises
a protocol anomaly if IDP detects an HTTP header host that contains
more bytes than the specified maximum. The default is 64 bytes.
|
Maximum Referrer length –Raises
a protocol anomaly if IDP detects an HTTP header referrer that contains
more bytes than the specified maximum. The default is 8192 bytes.
|
Use alternate ports as http service–If selected, the security module watches for HTTP traffic
on the following ports in addition to tcp/80: 7001; 8000; 8001; 8100;
8200; 8080; 8888; 9080. This setting is enabled by default.
|
Maximum number of login failures per-minute–Raises a protocol anomaly if IDP detects, between a unique
pair of hosts, more login failures than the specified maximum. The
default is 4 HTTP authentication failures per minute.
This setting tunes the BRUTE_FORCE attack object.
|
Maximum number of 301/403/404 or 405
errors per-minute–Raises a protocol anomaly if IDP detects,
between a unique pair of hosts, more 301/403/404/405 errors than the
specified maximum. The default is 16 HTTP errors per minute.
|
ICMP
|
Maximum Packets per second to trigger
a flood–Raises a protocol anomaly if IDP detects more ICMP
packets than the specified maximum. The default is 250 packets per
second.
|
Minimum time interval (in seconds) between
packets–Raises a protocol anomaly if IDP detects ICMP packets
that have less than the specified minimum time interval between them.
The default is 1 second.
Use this setting to tune the Flood attack object (ICMP:EXPLOIT:FLOOD).
|
IDENT
|
Maximum requests per session–Raises
a protocol anomaly if IDP detects more IDENT (identification protocol)
requests than the specified maximum. The default is 1 request per
session.
This setting tunes the Too Many Requests attack object (key
is IDENT:OVERFLOW:REQUEST-NUM).
|
Maximum Request length–Raises
a protocol anomaly if IDP detects an IDENT request containing more
bytes than the specified maximum. The default is 15 bytes.
This setting tunes the Request Too Long attack object (key is
IDENT:OVERFLOW:REQUEST).
|
Maximum Reply length–Raises
a protocol anomaly if IDP detects an IDENT reply containing more bytes
than the specified maximum. The default is 128 bytes.
This setting tunes the Reply Too Long attack object (key is
IDENT:OVERFLOW:REPLY).
|
IKE
|
Maximum number of payloads in an IKE
message–Raises a protocol anomaly if IDP detects an IKE
message with a higher number of payloads. The default is 57 payloads.
This setting tunes detection with the TOO-MANY-PAYLOADS attack
object (key is IKE:MALFORMED:2MANY-PAYLOAD).
|
IMAP
|
Maximum Line length–Raises
a protocol anomaly if IDP detects an IMAP line containing more bytes
than the maximum. The default is 2048 bytes.
|
Maximum Username length–Raises
a protocol anomaly if IDP detects an IMAP username containing more
bytes than the maximum. The default is 64 bytes.
|
Maximum Password length–Raises
a protocol anomaly if IDP detects an IMAP password containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum Mailbox length–Raises
a protocol anomaly if IDP detects an IMAP mailbox containing more
than the maximum. The default is 64 bytes.
|
Maximum Reference length –Raises
a protocol anomaly if IDP detects an IMAP reference containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum Flag length–Raises
a protocol anomaly if IDP detects an IMAP flag containing more bytes
than the specified maximum. The default is 64 bytes.
|
Maximum Literal length–Raises
a protocol anomaly if IDP detects a literal with more octets than
the specified maximum. In IMAP4 protocol, a string can be in one of
two forms: literal and quoted. As defined in RFC 2060 4.3, a literal
is a sequence of zero or more octets (including CR and LF), prefix-quoted
with an octet count in the form of an open brace ("{"), the number
of octets, close brace ("}"), and CRLF. Valid range is 1 to 1,67,77,215.
The default is 65,535 bytes.
This setting tunes detection with the imap_literal_length_overflow
attack object (key is IMAP:OVERFLOW:LIT_LENGTH_OFLOW).
|
Maximum number of login failures per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more
login failures than the maximum. The default is 4 IMAP login failures
per minute.
|
IRC
|
Maximum Password length –Raises
a protocol anomaly if IDP detects an Internet Relay Chat (IRC) password
containing more bytes than the specified maximum. The default is 16
bytes.
|
Maximum Username length–Raises
a protocol anomaly if IDP detects an IRC username containing more
bytes than the specified maximum. The default is 16 bytes.
|
Maximum Channel length–Raises
a protocol anomaly if IDP detects an IRC channel name containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum Nickname length–Raises
a protocol anomaly if IDP detects an IRC nickname containing more
bytes than the specified maximum. The default is 16 bytes.
|
LDAP
|
Maximum length of Integer representation
in BER encoding–Raises a protocol anomaly if IDP detects
an integer field of the LDAP BER containing more bytes than the specified
maximum. The default is 4 bytes.
|
Maximum number of left zeros for tag
in BER encoding–Raises a protocol anomaly if IDP detects
more left zeros in any tag in LDAP BER encoding than the specified
maximum. The default is 4 left zeros.
|
Maximum value of any LDAP tag in BER
encoding–Raises a protocol anomaly if IDP detects a value
for a tag that can be seen in the LDAP BER encoding that is greater
than the specified maximum. LDAP tags are represented using 1 byte,
with the top 3 bits reserved. The default is 31.
|
Maximum number of left zeros for length
in BER encoding–Raises a protocol anomaly if IDP detects
more left zeros in any length field in LDAP BER encoding than the
specified maximum. The default is 64 left zeros.
|
Maximum number of search results requested
by LDAP client–Raises a protocol anomaly if IDP detects
an LDAP client request for more matching entries than the specified
maximum. The default is 0 (indicating no limit).
|
Maximum timelimit for search result requested
by LDAP client–Raises a protocol anomaly if IDP detects
a time limit greater than the specified maximum. The time limit is
the number of seconds before a client request times out waiting for
a response from the server. The default is 0 (indicating no limit).
|
Maximum length of an LDAP Attribute Descriptor–Raises a protocol anomaly if IDP detects a length of an attribute
descriptor field in an LDAP message containing more bytes than the
specified maximum. The default is 512 bytes.
|
Maximum length of an LDAP Distinguished
Name–Raises a protocol anomaly if IDP detects a length
of a distinguished name field in the LDAP message containing more
bytes than the specified maximum. The default is 512 bytes.
|
Maximum value of Message id in any LDAP
Message –Raises a protocol anomaly if IDP detects a message
ID greater than the specified maximum. The default is 2,14,74,83,647.
|
Maximum length of an LDAP message–Raises a protocol anomaly if IDP detects a LDAP message that
will be processed by the LDAP subsystem larger than the specified
maximum. The default is 8100 bytes.
This setting tunes the MESSAGE_TOO_LONG attack object. If IDP
raises this anomaly, it logs the event and skips the message.
|
Maximum number of nested operators in
an LDAP search request–Raises a protocol anomaly if IDP
detects a number of nested levels allowed in an LDAP search request
filter argument greater than the specified maximum. The default is
8 nested operators.
|
Maximum Number of login failures per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more
login failures than the maximum. The default is 4 LDAP login failures
per minute.
|
LPR
|
Maximum Sub-command length in RECEIVE-JOB
Command–Raises a protocol anomaly if IDP detects in an
Line Printer Protocol (LPR) control file a sub command line containing
more bytes than the specified maximum. LPR is a TCP-based print server
protocol used by line printer daemons (client and server) to communicate
over networks. An LPR client uses the LPR protocol to send a print
command to an LPR server (a line printer) at TCP/515. After the print
command is received by the server, the client can issue subcommands
to the server and send control and data files. Control files tell
the line printer which functions to perform when printing the file;
data files carry the payload. The default is 256 bytes.
|
Maximum Reply length from server–Raises a protocol anomaly if IDP detects an LPR control filename
containing more bytes than the specified maximum. The default is 64
bytes.
|
Maximum Control filename length–Raises
a protocol anomaly if IDP detects an LPR control filename containing
more bytes than the specified maximum. The default is 64 bytes.
|
Maximum Data filename length–Raises
a protocol anomaly if IDP detects a data filename containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum Control file size–Raises
a protocol anomaly if IDP detects an LPR control file size greater
than the specified maximum. The default is 1024 bytes.
|
Maximum Data file size–Raises
a protocol anomaly if IDP detects an LPR data file size greater than
the specified maximum. The default is 64 bytes.
|
Maximum Banner string length–Raises
a protocol anomaly if IDP detects an LPR banner string containing
more bytes than the specified maximum. A banner string is typically
the filename of the print job. The default is 32 bytes.
|
Maximum E-mail length –Raises
a protocol anomaly if IDP detects an LPR control file e-mail address
containing more bytes than the specified maximum. After the file has
printed, it is sent to the e-mail address specified in the control
file. The default is 32 bytes.
|
Maximum Symbolic link length –Raises
a protocol anomaly if IDP detects in an LPR control file a symbolic
link containing more bytes than the specified maximum. A symbolic
link is a file that points to another file (entry) in a UNIX file
system, but does not contain the data in the target file. When the
LPR protocol receives a symbolic link command in a control file, it
records the symbolic link data for the print job filename to prevent
directory entry changes from reprinting the file. The default maximum
is 128 bytes.
|
Maximum font length –Raises
a protocol anomaly if IDP detects in an LPR control file a font name
containing more bytes than the specified maximum. The default is 64
bytes.
|
Maximum filename length for format related
sub commands–Raises a protocol anomaly if IDP detects in
an LPR control file a format-related file name containing more bytes
than the specified maximum. The default is 32 bytes.
|
MSN
|
Maximum Username length–Raises
a protocol anomaly if IDP detects an MSN (Microsoft Instant Messaging)
username containing more bytes than the specified maximum. The default
is 84 bytes.
|
Maximum Display name length–Raises
a protocol anomaly if IDP detects an MSN display name containing more
bytes than the specified maximum. The default is 128 bytes.
|
Maximum Group name length–Raises
a protocol anomaly if IDP detects an MSN group name containing more
bytes than the specified maximum. The default is 84 bytes.
|
Maximum User state length–Raises
a protocol anomaly if IDP detects an MSN user state containing more
bytes than the specified maximum. A user state is a three-letter
code that indicates the status of the user's connection (online, offline,
idle, and so on). The default is 10 bytes.
|
Maximum Phone number length –Raises
a protocol anomaly if IDP detects a phone number containing more bytes
than the specified maximum. The default is 20 bytes.
|
Maximum Length of IP:port–Raises
a protocol anomaly if IDP detects an IP:port parameter containing
more bytes than the specified maximum. An IP:port parameter indicates
the IP address and port number of the MSN server for a switchboard
session. The default is 30 bytes.
|
Maximum URL length–Raises
a protocol anomaly if IDP detects a URL containing more bytes than
the specified maximum. The default is 1024 bytes.
|
MSRPC
|
Maximum fragment length in MSRPC message–Raises a protocol anomaly if IDP detects an MSRPC (Microsoft
Remote Procedure Call) message with a fragment length greater than
the specified maximum. The default is 8192.
|
Maximum tower data length in endpoint
mapper messages–Raises a protocol anomaly if IDP detects
an endpoint mapper message with a tower data length greater than the
specified maximum. The default is 8192.
|
Maximum number of entries in an insert
message–Raises a protocol anomaly if IDP detects an MSRPC
insert message with more entries than the specified maximum. The default
is 100 entries.
|
NFS
|
Maximum Name length –Raises
a protocol anomaly if IDP detects an NFS packet name containing more
bytes than the specified maximum. The default is 256 bytes.
|
Maximum Path length–Raises
a protocol anomaly if IDP detects an NFS packet pathname containing
more bytes than the specified maximum. The default is 1024 bytes.
|
Maximum buffer length for read/write–Raises a protocol anomaly if IDP detects an NFS read/writer
buffer larger than the specified maximum. The default is 32,768
bytes.
|
NTP
|
Minimum time (in seconds) between two
requests–Raises a protocol anomaly if IDP detects the time
between two client-to-server NTP requests is greater than the specified
maximum. Valid values range from 64 to 1024 seconds. The default is
0 seconds (which turns the feature off).
|
Maximum length for NTPv3 message–Raises a protocol anomaly if IDP detects an NTPv3 message
containing more bytes than the specified maximum. The default is 68
bytes.
|
Maximum length for NTPv4 message–Raises a protocol anomaly if IDP detects an NTPv4 message
containing more bytes than the specified maximum. The default is 68
bytes.
|
Maximum stratum value for any NTP peer–Raises a protocol anomaly if IDP detects a stratum value larger
than the specified maximum. The default is 15 bytes.
|
Maximum time since last update of Reference
clock–Raises a protocol anomaly if IDP detects that the
NTP reference clock has not been updated in more time than the specified
maximum. The default is 86,400 seconds.
|
Match timestamps on NTP request and response–Enables IDP to perform timestamp matching on client requests
and server responses. With this setting enabled, IDP expects the server
response original timestamp to match the client request transmit timestamp;
otherwise IDP considers the packet a possible protocol anomaly. This
setting is enabled by default.
|
Maximum Authorization field length in
NTP control message–Raises a protocol anomaly if IDP detects
that the length of the Authentication fields in an NTP control message
is larger than the specified maximum. The default is 20 bytes.
|
Maximum length of any NTP control variable–Raises a protocol anomaly if IDP detects that the length of
NTP control data variable name is larger than the specified maximum.
The default is 128 bytes.
|
Maximum length of any NTP variable value–Raises a protocol anomaly if IDP detects that the length of
any NTP control data variable value is larger than the specified maximum.
The default is 255 bytes.
|
Maximum length of buffer to store between
control packets–NTP control messages can be split across
multiple UDP packets. This setting is the maximum number of characters
that IDP stores in memory to ensure continuity from one packet to
the other. The default is 255 bytes.
|
Maximum time for an NTP Symmetric passive
association to dissolve–A symmetric passive association
between two NTP peers must be dissolved after sending one reply. This
setting is the time in seconds after which IDP considers such an association
as expired.The default is 900 seconds.
|
POP3
|
Maximum Line length–Raises
a protocol anomaly if IDP detects a POP3 line containing more bytes
than the specified maximum. The default is 512 bytes.
|
Maximum Username length–Raises
a protocol anomaly if IDP detects a POP3 username containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum Password length–Raises
a protocol anomaly if IDP detects a POP3 password containing more
bytes than the specified maximum. The default is 64 bytes.
|
Maximum APOP length –Raises
a protocol anomaly if IDP detects an APOP containing more bytes than
the specified maximum. The default is 100 bytes.
|
Maximum message number–Raises
a protocol anomaly if IDP detects a POP3 message number that is higher
than the specified maximum. The default is 10,00,000.
|
Maximum number of login failures per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more
login failures than the specified maximum. The default is 4 POP3 login
failures per minute.
|
RADIUS
|
Maximum number of authenticated failures
per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP
detects more login failures than the specified maximum. The default
is 4 RADIUS login failures per minute.
|
SIP
|
Max-Forwards threshold–Raises
a protocol anomaly if IDP detects maximum number of thresholds.
|
SMB
|
Maximum registry key length–Raises
a protocol anomaly if IDP detects an SMB registry key containing more
bytes than the specified maximum. The default is 8192 bytes.
|
Maximum number of login failures per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more
login failures than the specified maximum. The default is 4 SMB login
failures per minute.
|
SMTP
|
Maximum Number of mail recipients–Raises a protocol anomaly if IDP detects an SMTP message containing
more recipients than the specified maximum. The default is 100 recipients.
|
Maximum Username length in RCPT and MAIL–Raises a protocol anomaly if IDP detects an SMTP message with
a username containing more bytes than the specified maximum. The default
is 256 bytes.
|
Maximum Domain name length in RCPT and
MAIL–Raises a protocol anomaly if IDP detects an SMTP message
with a domain name containing more bytes than the specified maximum.
The default is 64 bytes.
|
Maximum Path length in RCPT and MAIL–Raises a protocol anomaly if IDP detects an SMTP message with
a pathname containing more bytes than the specified maximum. The default
is 256 bytes.
|
Maximum Command line length (before DATA)–Raises a protocol anomaly if IDP detects an SMTP message with
a command-line entry containing more bytes than the specified maximum.
The default is 1024 bytes.
|
Maximum Reply line length from server
(default)–Raises a protocol anomaly if IDP detects an SMTP
message with a reply line from the server containing more bytes than
the specified maximum. The default is 512 bytes.
|
Maximum Text line length (after DATA)–Raises a protocol anomaly if IDP detects an SMTP text line
containing more bytes than the specified maximum. The default is
1024 bytes.
|
Maximum number of nested mime multi-part
attachments–Raises a protocol anomaly if IDP detects more
nested attachments than the specified maximum. The default is 4 nested
mime multi-part attachments.
|
Maximum number of base-64 bytes to decode–Raises a protocol anomaly if IDP detects more bytes of encoded
mime data than the specified maximum. The default is 64 bytes.
|
Maximum length of the value for content-type's
name attribute–Raises a protocol anomaly if IDP detects
a name attribute in the content-type header containing more bytes
than the specified maximum. The default is 128 bytes.
|
Maximum length of the value for the content-disposition's
filename attribute–Raises a protocol anomaly if IDP detects
a filename attribute in the content-disposition header containing
more bytes than the specified maximum. The default is 128 bytes.
|
Look for email headers in message data–Controls whether IDP looks for e-mail headers in the message
data, which can occur when a bounced email contains an attachment.
This setting is not enabled by default.
|
SYSLOG
|
Validate RFC-3164 compliant timestamp
format–If selected, the security module checks the timestamp
in syslog traffic to ensure that it is compliant with RFC 3164. If
the timestamp is not compliant, the security module considers the
traffic a possibly anomaly. This setting is not enabled by default.
|
TELNET
|
Maximum number of login failures per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more
login failures than the specified maximum. The default is 4 TELNET
login failures per minute.
|
TFTP
|
Maximum Filename length–Raises
a protocol anomaly if IDP detects a filename containing more bytes
than the specified maximum. The default is 128 bytes.
|
VNC
|
Maximum Reason string length–Raises
a protocol anomaly if IDP detects a VNC (Virtual Network Computing)
reason string length greater than the specified maximum. A reason
string contains the text that describes why a connection between a
VNC server and client failed. The default is 512 bytes.
|
Maximum Display name length–Raises
a protocol anomaly if IDP detects a VNC display name containing more
bytes than the specified maximum. The default is 128 bytes.
|
Maximum cut text length–Raises
a protocol anomaly if IDP detects a VNC cut text buffer containing
more bytes than the specified maximum. The default is 4096 bytes.
|
Verify message after the initial handshake–Enables the security module to verify VNC connections after
the initial handshake. This setting is not enabled by default.
|
Maximum number of login failures per-minute–Raises a BRUTE_FORCE protocol anomaly if IDP detects more
login failures than the specified maximum. The default is 4 VNC login
failures per minute.
|
WHOIS
|
Maximum Request length–Raises
a protocol anomaly if IDP detects a WHOIS request containing more
bytes than the specified maximum. The default is 128 bytes.
|
YMSG
|
Maximum Message length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger message with
a header that indicates more bytes for the total message than the
specified maximum. The default is 8192 bytes.
|
Maximum Username length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger ID containing
more bytes than the specified maximum. The default is 84 bytes.
|
Maximum Groupname length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger group name containing
more bytes than the specified maximum. The default is 84 bytes.
|
Maximum Crypt length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger encrypted password
containing more bytes than the specified maximum. The default is 124
bytes.
|
Maximum Instant message length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger message containing
more bytes than the specified maximum. The default is 1024 bytes.
|
Maximum Activity string length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger activity data
type containing more bytes than the specified maximum. The default
is 8000 bytes.
|
Maximum Challenge length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger challenge containing
more bytes than the specified maximum. The default is 15 bytes.
|
Maximum Cookie length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger cookie containing
more bytes than the specified maximum. The default is 84 bytes.
|
Maximum URL length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger Web Name containing
more bytes than the specified maximum. The default is 400 bytes.
|
Maximum Conference message length–Raises a protocol anomaly if IDP detects a Yahoo! Messenger
join conference message containing more bytes than the specified maximum.
The default is 1024 bytes.
|
Maximum Conference name length –Raises
a protocol anomaly if IDP detects a Yahoo! Messenger conference name
containing more bytes than the specified maximum. The default is 1024
bytes.
|
Maximum E-mail length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger new e-mail alert
containing an e-mail that has more bytes than the specified maximum.
The default is 84 bytes.
|
Maximum E-mail subject length–Raises
a protocol anomaly if IDP detects an Yahoo! Messenger subject line
containing more bytes than the specified maximum. The default is 128
bytes.
This setting tunes the Mail Subject Overflow attack object (key
is CHAT:YIM:OVERFLOW:MAIL-SUBJECT).
|
Maximum Filename length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger file transfer
containing a filename that has more bytes than the specified maximum.
The default is 1000 bytes.
|
Maximum Chatroom name length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger chat room name
containing more bytes than the specified maximum. The default is 1024
bytes.
|
Maximum Chatroom message length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger chat room message
containing more bytes than the specified maximum. The default is 2000
bytes.
|
Maximum buddy list length–Raises
a protocol anomaly if IDP detects a Yahoo! Messenger buddy list containing
more bytes than the specified maximum. The default is 8000 bytes.
|
Maximum webcam key length –Raises
a protocol anomaly if IDP detects an Yahoo! Messenger Webcam key containing
more bytes than the specified maximum. The default is 124 bytes.
|
