********************************************************************** Symantec Network Security 7100 Series Engine Update 6 Readme.txt Copyright (c) 2005 Symantec Corporation August 2005 ********************************************************************** The following is a Readme for Symantec Network Security 4.0 and Symantec Network Security 7100 Series appliance Engine Update 6. This Engine Update applies to all models of the Symantec Network Security 7100 Series appliance and to Symantec Network Security 4.0. Engine Update 6 is automatically installed on the Symantec Network Security 7100 Series appliance and Symantec Network Security 4.0 via the Symantec LiveUpdate service. Note: Installing Engine Update 6 restarts the 7100 Series appliance sensors. For any 7100 Series appliance running in-line, this process causes a brief network interruption. For additional information, contact technical support or consult the knowledge base via the Symantec Web site at: * Technical support: http://www.symantec.com/techsupp/enterprise/custserv/contact_cs_online.html http://www.symantec.com/techsupp/enterprise/custserv/contact_cs_phone.html * Knowledge base: http://www.symantec.com/techsupp/enterprise/select_product_kb.html - Click Intrusion Protection > Symantec Network Security > Symantec Network Security 7100 Series - Click Intrusion Protection > Symantec Network Security > Symantec Network Security 4.0 Engine Update 6 addresses the following: * Back Orifice detection engine solution * Scan state performance enhancement * Varying TTL TCP issue * GRE de-tunneling support Back Orifice detection engine solution -------------------------------------- Engine Update 6 resolves a potential memory leak and instability in the Back Orifice detection functionality. Scan state performance enhancement ---------------------------------- Engine Update 6 adds scan state persistence to signature matching, improving signature performance. Varying TTL TCP issue --------------------- Engine Update 6 reduces the occurrence of false positives that resulted from the severity level setting in the Varying TTL in TCP signature. GRE de-tunneling support ------------------------ Engine Update 6 adds Generic Routing Encapsulation (GRE) de-tunneling support. This gives Symantec Network Security the ability to detect traffic entering through a GRE tunnel, thereby increasing detection capabilities and preventing attacks. Symantec Network Security will inspect de-tunneled GRE packets that are one of the supported protocol types. If an event is generated on a tunneled packet, the event will display the source and destination address of the tunneled packet. Symantec Network Security also sends events on an unknown GRE version, a bad GRE checksum, nested GRE tunnels, and a runt GRE packet. If an event is generated for these GRE-specific events, the event will display the outer tunnel source and destination address. Note: In the case of an alert, Symantec Network Security will stop processing nested GRE tunneled traffic. However, if a de-tunneled GRE packet generates a blockable event, Symantec Network Security will block further traffic on the flow but will not attempt to send a TCP reset packet through the tunnel to terminate the flow.