Hi Jaired,
I have analyzed one more point: this traffic shows "decoded: false". What would be the reason we are getting this?
Alert Name: Illegal Byte Code Character in Header Name
------------------------------
Jagadesh Kumar R
Information Security Group, Assistant Manager
Karur
------------------------------
Original Message:
Sent: 06-02-2022 09:15
From: Jaired Anderson
Subject: Illegal Byte Code Alerts
Hi Jagadesh,
In my experience, although it could be part of an attack or malicious attempt, I usually see this alert triggered often when the WAF is monitoring an SSL VPN or some type of remote session streaming (like RDP).
Original Message:
Sent: 06-01-2022 08:29
From: Jagadesh Kumar R
Subject: Illegal Byte Code Alerts
Dear Team,
Hope all are doing well!
The SecureSphere WAF logs have been analyzed and show "illegal byte code" for the request below. Is this request due to a format the WAF cannot read, or is there any other reason?
Sample Logs:
[[#22]][[#3]][[#3]][[#0]]Ñ[[#1]][[#0]][[#0]]Í[[#3]][[#3]]bSí¡[[#18]][[#26]]äV®{1·b%>!¨[[#21]]í#îmÿxî[[#1]]hý?[[#0]][[#0]]d[[#0]]ÿÀ$À([[#0]]=À&À*[[#0]]k[[#0]]jÀ
- À[[#20]][[#0]]5À[[#5]]À[[#15]][[#0]]9[[#0]]8À#À'[[#0]]<À%À)[[#0]]g[[#0]]@À À[[#19]][[#0]]/À[[#4]]À[[#14]][[#0]]3[[#0]]2À,À+À0[[#0]]À.À2[[#0]]£[[#0]]À/[[#0]]À-À1[[#0]][[#0]]¢À[[#8]]À[[#18]][[#0]]:
- À[[#3]]À [[#0]][[#22]][[#0]][[#19]][[#1]][[#0]][[#0]]@[[#0]]:
- [[#0]][[#24]][[#0]][[#22]][[#0]][[#23]][[#0]][[#19]][[#0]][[#21]][[#0]][[#24]][[#0]][[#25]][[#0]][[#15]][[#0]][[#16]][[#0]][[#17]][[#0]][[#18]][[#0]][[#20]][[#0]][[#22]][[#0]][[#11]][[#0]][[#2]][[#1]][[#0]][[#0]] [[#0]][[#26]][[#0]][[#24]][[#6]][[#3]][[#6]][[#1]][[#5]][[#3]][[#5]][[#1]][[#4]][[#3]][[#4]][[#1]][[#3]][[#3]][[#3]][[#1]][[#2]][[#3]][[#2]][[#1]][[#4]][[#2]][[#2]][[#2]][[#21]][[#3]][[#3]][[#0]][[#2]][[#2]]:
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Jagadesh Kumar R
Information Security Group, Assistant Manager
Karur
------------------------------
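
Added example, not part of the thread and not Imperva code: a triage helper that rebuilds the raw bytes from a logged payload like the sample above and checks whether they start with a TLS record header rather than an HTTP request line, which is the non-HTTP traffic case the reply describes. It assumes `[[#N]]` is the decimal value of one unprintable byte and that every other character is a single Latin-1 byte; the function names are hypothetical.

```python
import re

ESCAPE = re.compile(r"\[\[#(\d{1,3})\]\]")
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello"}

def decode_waf_escapes(text):
    """Rebuild raw bytes from a logged payload.

    Assumption: '[[#N]]' is the decimal value of one unprintable byte and
    every other character is a single Latin-1 byte.
    """
    out, pos = bytearray(), 0
    for m in ESCAPE.finditer(text):
        out += text[pos:m.start()].encode("latin-1", errors="replace")
        out.append(int(m.group(1)))  # raises ValueError if N > 255
        pos = m.end()
    out += text[pos:].encode("latin-1", errors="replace")
    return bytes(out)

def classify(payload):
    """Say whether the first bytes look like a TLS record, HTTP, or neither."""
    if (len(payload) >= 5 and payload[0] in TLS_CONTENT_TYPES
            and payload[1] == 3 and payload[2] <= 4):
        info = {"kind": "tls_record",
                "content_type": TLS_CONTENT_TYPES[payload[0]],
                "version": (payload[1], payload[2]),
                "record_length": int.from_bytes(payload[3:5], "big")}
        if payload[0] == 22 and len(payload) > 5:
            info["handshake_type"] = HANDSHAKE_TYPES.get(payload[5], "other")
        return info
    first_line = payload.split(b"\r\n", 1)[0]
    if re.fullmatch(rb"[A-Z]+ \S+ HTTP/\d\.\d", first_line):
        return {"kind": "http"}
    return {"kind": "unknown_binary"}

# Opening bytes of the sample log in the original post (\u00d1 and \u00cd are
# the characters shown between the escapes there).
SAMPLE = "[[#22]][[#3]][[#3]][[#0]]\u00d1[[#1]][[#0]][[#0]]\u00cd[[#3]][[#3]]"

if __name__ == "__main__":
    print(classify(decode_waf_escapes(SAMPLE)))
```

A `tls_record` result with `client_hello` means a TLS handshake reached a listener where the WAF was parsing plain HTTP, so the finding to chase is the port or SSL configuration for that service rather than the header content.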