**********************************************************************
Symantec Network Security 7100 Series
Engine Update 4
Readme.txt

Copyright (c) 2005 Symantec Corporation
May 2005
**********************************************************************

The following is a Readme for Symantec Network Security 4.0 and
Symantec Network Security 7100 Series appliance Engine Update 4.

This Engine Update applies to all models of the Symantec Network
Security 7100 Series appliance and to Symantec Network Security 4.0.
Engine Update 4 is automatically installed on the Symantec Network
Security 7100 Series appliance and Symantec Network Security 4.0 via
the Symantec LiveUpdate service.

Note: You must install Engine Update 4, Patch 8, and the updated
Network Security console to ensure that all new and updated features
will work properly.

Note: Installing Engine Update 4 restarts the 7100 Series appliance
sensors. For any 7100 Series appliance running in-line, this process
causes a brief network interruption.

For additional information, contact technical support or consult the
knowledge base via the Symantec Web site at:

* Technical support:
  http://www.symantec.com/techsupp/enterprise/custserv/contact_cs_online.html
  http://www.symantec.com/techsupp/enterprise/custserv/contact_cs_phone.html

* Knowledge base:
  http://www.symantec.com/techsupp/enterprise/select_product_kb.html
  - Click Intrusion Protection > Symantec Network Security >
    Symantec Network Security 7100 Series
  - Click Intrusion Protection > Symantec Network Security >
    Symantec Network Security 4.0

This Readme discusses the following:

* SYN flood mitigation enhancement
* Sun RPC solution
* Detection updates
* False positive enhancements
* Event description updates


SYN flood mitigation enhancement
--------------------------------
Previously, a large number of SYN packets coming into Symantec Network
Security might result in filling the TCP flow table and impacting
performance.

Engine Update 4 enhances the ability to mitigate SYN floods and
prevents attackers from significantly degrading flow table access and
system performance with a SYN flood.


Sun RPC solution
----------------
Previously, fragmented RPC records were collected and sent to the
signature engine, which might result in pattern mismatching. Engine
Update 4 allows Symantec Network Security to correctly reassemble the
payloads and present them as a continuous payload to the signature
engine.


Detection updates
-----------------
The following updates are incorporated into Engine Update 4:

* Enhanced decoding and detection of OpenSSH vulnerabilities
* Updated BackOrifice detection


False positive enhancements
---------------------------
Engine Update 4 provides the following:

* Reduces false positives in HTTP, ICMP, and scan and flood detection
* Prevents false positive alerts on Big5 Chinese encoded HTTP and FTP
  traffic, such as:
  - Malformed HTTP Request URI (After "?")
  - FTP_Invalid_UTF8
  - HTTP_Generic_InvalidURL


Event description updates
-------------------------
Engine Update 4 provides more informative, updated, and expanded event
descriptions.
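

Added example (Sun RPC solution)
--------------------------------
The sketch below illustrates the problem described under "Sun RPC
solution": a pattern that spans two RPC fragments is missed when the
fragments are matched as received, and found once they are reassembled
into one continuous payload. It is an added example, not Symantec
engine code. It assumes the standard ONC RPC record marking over TCP
(RFC 5531: a 4-byte mark whose high bit flags the last fragment); the
pattern, message, and size cap are constructed for illustration.

```python
import struct

LAST_FRAGMENT = 0x80000000   # high bit of the record mark: final fragment
MAX_RECORD = 1 << 20         # assumed cap so a hostile stream cannot exhaust memory

def fragment(message, sizes):
    """Sender side: split one RPC message into record-marked fragments."""
    out, pos = b"", 0
    for i, size in enumerate(sizes):
        chunk = message[pos:pos + size]
        pos += size
        flag = LAST_FRAGMENT if i == len(sizes) - 1 else 0
        out += struct.pack(">I", flag | len(chunk)) + chunk
    return out

def reassemble(stream):
    """Sensor side: strip record marks, return each complete RPC record."""
    records, current, pos = [], bytearray(), 0
    while pos < len(stream):
        if pos + 4 > len(stream):
            raise ValueError("truncated record mark")
        (mark,) = struct.unpack_from(">I", stream, pos)
        length = mark & 0x7FFFFFFF
        pos += 4
        if pos + length > len(stream):
            raise ValueError("fragment runs past end of captured stream")
        if len(current) + length > MAX_RECORD:
            raise ValueError("record exceeds reassembly cap")
        current += stream[pos:pos + length]
        pos += length
        if mark & LAST_FRAGMENT:
            records.append(bytes(current))
            current = bytearray()
    return records

def match_raw(stream, pattern):
    return pattern in stream

def match_reassembled(stream, pattern):
    return any(pattern in record for record in reassemble(stream))

# Constructed sample: a placeholder pattern inside a made-up RPC body,
# fragmented so the record mark lands in the middle of the pattern.
PATTERN = b"EXAMPLE-SIGNATURE"
MESSAGE = b"\x00" * 8 + PATTERN + b"\x00" * 4
WIRE = fragment(MESSAGE, [12, len(MESSAGE) - 12])

if __name__ == "__main__":
    print("raw stream match:  ", match_raw(WIRE, PATTERN))
    print("reassembled match: ", match_reassembled(WIRE, PATTERN))
```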