Imperva Cyber Community

  • 1.  Illegal Byte Code Alerts

    Posted 26 days ago
    Dear Team,

    Hope all are doing well!

    The SecureSphere WAF logs that were analyzed show "illegal byte code" for the request below. Is this request due to a format the WAF cannot read, or is there some other reason?

    Sample Logs:
    [[#22]][[#3]][[#3]][[#0]]Ñ[[#1]][[#0]][[#0]]Í[[#3]][[#3]]b—Sí¡[[#18]][[#26]]äV®{1·b%>!¨[[#21]]í#îmÿxî[[#1]]hý?[[#0]][[#0]]d[[#0]]ÿÀ$À([[#0]]=À&À*[[#0]]k[[#0]]jÀ   
    • À[[#20]][[#0]]5À[[#5]]À[[#15]][[#0]]9[[#0]]8À#À'[[#0]]<À%À)[[#0]]g[[#0]]@À À[[#19]][[#0]]/À[[#4]]À[[#14]][[#0]]3[[#0]]2À,À+À0[[#0]]À.À2[[#0]]£[[#0]]ŸÀ/[[#0]]œÀ-À1[[#0]]ž[[#0]]¢À[[#8]]À[[#18]][[#0]]: 
    • À[[#3]]À [[#0]][[#22]][[#0]][[#19]][[#1]][[#0]][[#0]]@[[#0]]: 
    • [[#0]][[#24]][[#0]][[#22]][[#0]][[#23]][[#0]][[#19]][[#0]][[#21]][[#0]][[#24]][[#0]][[#25]][[#0]][[#15]][[#0]][[#16]][[#0]][[#17]][[#0]][[#18]][[#0]][[#20]][[#0]][[#22]][[#0]][[#11]][[#0]][[#2]][[#1]][[#0]][[#0]] [[#0]][[#26]][[#0]][[#24]][[#6]][[#3]][[#6]][[#1]][[#5]][[#3]][[#5]][[#1]][[#4]][[#3]][[#4]][[#1]][[#3]][[#3]][[#3]][[#1]][[#2]][[#3]][[#2]][[#1]][[#4]][[#2]][[#2]][[#2]][[#21]][[#3]][[#3]][[#0]][[#2]][[#2]]: 

    #On-PremisesWAF(formerlySecuresphere)

    ------------------------------
    Jagadesh Kumar R
    Information Security Group, Assistant Manager
    Karur
    ------------------------------


  • 2.  RE: Illegal Byte Code Alerts

    Posted 25 days ago
    Hi Jagadesh,

    In my experience, although it could be part of an attack or malicious attempt, I usually see this alert triggered when the WAF is monitoring an SSL VPN or some type of remote session streaming (like RDP).


  • 3.  RE: Illegal Byte Code Alerts

    Posted 23 days ago
    Hi Jaired,

    I have analyzed one more point: this traffic shows "decoded: false". What would be the reason we are getting this?

    Alert Name:
    Illegal Byte Code Character in Header Name

    ------------------------------
    Jagadesh Kumar R
    Information Security Group, Assistant Manager
    Karur
    ------------------------------
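
Added example (not part of any post in this thread, and not Imperva code): a triage helper that rebuilds the raw bytes from the escaped text in the sample log and checks whether they form a TLS record instead of an HTTP request, which is what traffic from an SSL VPN would look like to the WAF. It assumes `[[#N]]` is the decimal value of a non-printable byte and that the remaining characters are Windows-1252; the function names and the HTTP sample are hypothetical.

```python
import re

# Assumption: the alert viewer prints non-printable bytes as [[#N]] (N decimal)
# and renders every other byte as a Windows-1252 character.
_ESCAPE = re.compile(r"\[\[#(\d+)\]\]")
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def log_text_to_bytes(text: str) -> bytes:
    """Rebuild the raw bytes from the escaped text shown in the alert."""
    out, pos = bytearray(), 0
    while pos < len(text):
        m = _ESCAPE.match(text, pos)
        if m and int(m.group(1)) <= 255:
            out.append(int(m.group(1)))
            pos = m.end()
            continue
        try:
            out += text[pos].encode("cp1252")
        except UnicodeEncodeError:
            # Lossy rendering: fall back to Latin-1, else a '?' placeholder byte.
            out += text[pos].encode("latin-1", errors="replace")
        pos += 1
    return bytes(out)

def classify(payload: bytes) -> dict:
    """Report whether the bytes look like a TLS record or an HTTP request line."""
    if len(payload) >= 5 and payload[0] in TLS_TYPES and payload[1] == 3 and payload[2] <= 4:
        info = {"protocol": "tls",
                "record": TLS_TYPES[payload[0]],
                "record_version": (payload[1], payload[2]),
                "record_length": int.from_bytes(payload[3:5], "big")}
        if payload[0] == 22 and len(payload) >= 6:
            info["handshake"] = {1: "client_hello", 2: "server_hello"}.get(payload[5], "other")
        return info
    verb = payload.split(b" ", 1)[0]
    if verb.isalpha() and verb.isupper():
        return {"protocol": "http"}
    return {"protocol": "unknown"}

# First bytes of the sample log posted in message 1 of this thread.
SAMPLE = "[[#22]][[#3]][[#3]][[#0]]Ñ[[#1]][[#0]][[#0]]Í[[#3]][[#3]]"
# Constructed HTTP request for comparison (not from the thread).
CONSTRUCTED_HTTP = "GET /index.html HTTP/1.1[[#13]][[#10]]Host: example.test"

if __name__ == "__main__":
    for name, text in (("sample", SAMPLE), ("http", CONSTRUCTED_HTTP)):
        print(name, classify(log_text_to_bytes(text)))
```

Under those assumptions, the posted sample starts with bytes 16 03 03 00 D1 01, which is a TLS handshake record carrying a ClientHello, so the WAF was handed TLS bytes where it expected an HTTP header.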