By default, what attack signature group severity level is reported for reconnaissance attacks?
Predefined attack object groups contain attack objects for a specific protocol. For each protocol, the groups are separated into protocol anomalies and stateful signatures, and then roughly organized by severity. The three attack object group severity levels are critical, high, and medium:
Critical: Contains attack objects matching exploits that attempt to evade detection, cause a network device to crash, or gain system-level privileges.
High: Contains attack objects matching exploits that attempt to disrupt a service, gain user-level access to a network device, or activate a Trojan horse previously loaded on a device.
Medium: Contains attack objects matching exploits that detect reconnaissance efforts attempting to access vital information through directory traversal or information leaks.
Low: Contains attack objects matching exploits that attempt to obtain non-critical information or scan a network with a scanning tool.
Info: Contains attack objects matching normal, harmless traffic containing URLs, DNS lookup failures, SNMP public community strings, and Peer-to-Peer (P2P) parameters. You can use informational attack objects to obtain information about your network.
One Comment on “what attack signature group severity level is reported for reconnaissance attacks?”
I agree with the answer. C