Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Understanding the Deep Packet Inspection (DPI) errors generated in Deep Security

    • Updated:
    • 11 Sep 2015
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security as a Service 2.0
    • Platform:
    • Linux - Red Hat RHEL 5 64-bit
    • Unix - Solaris (Sun) version 10 (SunOS 5.10)
    • Windows 2003 Enterprise
    • Windows 2003 Standard 64-bit
    • Windows 2008 Standard
    • Windows 7 64-bit
    • Windows Vista 64-bit
    • Windows XP Professional
Summary
Know about the different DPI error events triggered in Deep Security.
Details
Public
Here are several DPI error events and their meanings:
EventDetails
Base 64 Decoding ErrorPacket content that was expected to be encoded in Base64 format was not encoded correctly.
Client Attempted to RollbackA client attempted to roll back to an earlier version of the SSL protocol instead of the version specified in the ClientHello message.
Corrupted Deflate/GZIP ContentCorrupted Deflate/GZIP Content
Deflate/GZIP Checksum ErrorDeflate/GZIP Checksum Error
Double Decoding ExploitDouble decoding exploit attempt (%25xx, %25%xxd, etc.)
Edit Too LargeEditing attempted to increase the size of the region above the maximum allowed size (8188 bytes).
Error Decrypting Pre-master KeyUnable to unwrap the pre-master secret from the ClientKeyExchange message.
Error Generating Master Key(s)Unable to derive the cryptographic keys, Mac secrets, and initialization vectors from the master secret.
Error Generating Pre-Master RequestAn error occurred when trying to queue the pre-master secret for decryption.
Handshake Message (not ready)The SSL state engine has encountered a handshake message after the handshake has been negotiated.
Illegal Character in URIIllegal character used in URI
Incomplete Deflate/GZIP ContentCorrupted deflate/gzip content
Incomplete UTF8 SequenceURI ended in middle of utf8 sequence
Int Min/Max/Choice Constraint FailureA protocol decoding rule decoded data that did not meet the protocol content constraints.
Internal ErrorThe protocol decoding engine detected an internal corruption while processing a loop or nested type.
Invalid Hex Encoding%nn where nn are not hex digits
Invalid Lexical Instruction An internal error occurred causing the protocol decoding stack to become corrupt and stop processing for the connection.
Invalid Parameters In HandshakeAn invalid value was encountered while trying to decode the handshake protocol.
Invalid TraversalTried to use "../../" above root
Invalid Use of CharacterUsed disabled character
Invalid UTF8 encodingInvalid/non-canonical encoding attempt
Key Exchange ErrorThe server attempted to establish an SSL session with temporarily generated key.
Key Too LargeThe master secret keys are larger than what was specified by the protocol identifier.
Max Matches in Packet ExceededThere are more than 2048 positions in the packet with pattern match occurrences. An error is returned at this limit and the connection is dropped because this usually indicates a garbage or evasive packet.
Maximum Edits ExceededThe maximum number of edits (32) in a single region of a packet was exceeded.
Memory Allocation ErrorThe packet could not be processed properly because resources were exhausted. This may happen when too many current connections require buffering (max 2048) or matching resources (max 128) at the same time, or because of excessive matches in a single IP packet (max 2048), or because the system is out of memory.
Out Of Order Handshake MessageA well formatted handshake message has been encountered out of sequence.
Packet Read ErrorLow level problem reading packet data.
Record Layer MessageThe SSL state engine has encountered an SSL record before initialization of the session.
Region Too BigA region (edit region, uri, etc.) exceeded the maximum allowed buffering size (7570 bytes) without being closed. This is usually because the data does not conform to the protocol.
Renewal ErrorAn SSL session was being requested with a cached session key that could not be located.
Runtime ErrorRuntime error
Search Limit ReachedA protocol decoding rule defined a limit for a search or pdu object but the object was not found before reaching the limit.
Stack DepthA rule programming error attempted to cause recursion or used many nested procedure calls.
Type Nesting Too DeepA protocol decoding rule encountered a type definition and packet content that caused the maximum type nesting depth (16) to be exceeded.
Unsupported CipherAn unknown or unsupported Cipher Suite was requested.
Unsupported Deflate/GZIP DictionaryUnsupported Deflate/GZIP Dictionary
Unsupported GZIP Header Format/MethodUnsupported GZIP Header Format/Method
Unsupported SSL VersionA client attempted to negotiate an SSL V2 session.
URI Path Depth ExceededToo many "/" separators, max 100 path depth
URI Path Length Too LongPath length is greater than 512 characters.
Premium
Internal
Rating:
Category:
Configure; Troubleshoot
Solution Id:
1060430
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.