Imperva Cyber Community

 View Only
  • 1.  Illegal Byte Code Alerts

    Posted 06-01-2022 08:30
    Dear Team,

    Hope all doing good!

    In Securesphere WAF logs has been analyzed has "illegal byte code" for below request. Either this request due to WAF non-readable format or any other reason.

    Sample Logs:
    [[#22]][[#3]][[#3]][[#0]]Ñ[[#1]][[#0]][[#0]]Í[[#3]][[#3]]b—Sí¡[[#18]][[#26]]äV®{1·b%>!¨[[#21]]í#îmÿxî[[#1]]hý?[[#0]][[#0]]d[[#0]]ÿÀ$À([[#0]]=À&À*[[#0]]k[[#0]]jÀ   
    • À[[#20]][[#0]]5À[[#5]]À[[#15]][[#0]]9[[#0]]8À#À'[[#0]]<À%À)[[#0]]g[[#0]]@À À[[#19]][[#0]]/À[[#4]]À[[#14]][[#0]]3[[#0]]2À,À+À0[[#0]]À.À2[[#0]]£[[#0]]ŸÀ/[[#0]]œÀ-À1[[#0]]ž[[#0]]¢À[[#8]]À[[#18]][[#0]]: 
    • À[[#3]]À [[#0]][[#22]][[#0]][[#19]][[#1]][[#0]][[#0]]@[[#0]]: 
    • [[#0]][[#24]][[#0]][[#22]][[#0]][[#23]][[#0]][[#19]][[#0]][[#21]][[#0]][[#24]][[#0]][[#25]][[#0]][[#15]][[#0]][[#16]][[#0]][[#17]][[#0]][[#18]][[#0]][[#20]][[#0]][[#22]][[#0]][[#11]][[#0]][[#2]][[#1]][[#0]][[#0]] [[#0]][[#26]][[#0]][[#24]][[#6]][[#3]][[#6]][[#1]][[#5]][[#3]][[#5]][[#1]][[#4]][[#3]][[#4]][[#1]][[#3]][[#3]][[#3]][[#1]][[#2]][[#3]][[#2]][[#1]][[#4]][[#2]][[#2]][[#2]][[#21]][[#3]][[#3]][[#0]][[#2]][[#2]]: 

    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Jagadesh Kumar R
    Inormation Security Group, Assistant Manager
    Karur
    ------------------------------


  • 2.  RE: Illegal Byte Code Alerts

    Posted 06-02-2022 09:15
    Hi Jagadesh,

    In my experience, although it could be part of attack or malicious attempt - I usually see this alert triggered often when the WAF is monitoring an SSL VPN, or some type of remote session streaming. (like RDP).


  • 3.  RE: Illegal Byte Code Alerts

    Posted 06-04-2022 08:13
    Hi Jaired,

    I have analyzed one more point, in this traffic "decoded: false" what will be the reason we have getting this,

    Alert Name:
    Illegal Byte Code Character in Header Name

    ------------------------------
    Jagadesh Kumar R
    Inormation Security Group, Assistant Manager
    Karur
    ------------------------------