Cisco IOS Intrusion Prevention System (IPS)

Cisco IOS IPS Supported Signature List in 4.x Signature Format

Overview

Cisco Systems® releases IOS intrusion prevention system (IPS) signatures in the form of "S-files", which are lists of signatures and their characteristics. Cisco S-files contain signatures for all Cisco IPS platforms: Cisco IPS 42xx sensors, Cisco ASA 55xx appliances, intrusion detection system (IDS) modules for Cisco Catalyst® 6500 Series switches, and Cisco IOS® IPS. As Cisco creates new signatures, it updates the S-files and increments the file name (e.g. S294 as of August 2007). Cisco IOS IPS supports most, but not all, of the signatures in the S-files. This is because the other platforms (e.g. 42xx sensors) support additional "IPS inspection engines" that Cisco IOS IPS currently does not. Future Cisco IOS IPS releases may add support for these inspection engines.
The total number of signatures supported by Cisco IOS IPS routers depends on the Cisco IOS Software release and the signature distribution package version.
In Cisco IOS Software Release 12.3(14)T, Cisco IOS IPS added support for three STRING engines: STRING.TCP, STRING.UDP, and STRING.ICMP. Adding these engines resulted in a large number of new signatures being supported on Cisco IOS IPS routers. As of signature package IOS-S294.zip, the total number of signatures supported by Cisco IOS Software Release 12.3(14)T or later is 1700 (out of a total of 2011 signatures in the S294 file). Because of this and other IPS enhancements, Cisco recommends running Cisco IOS Software Release 12.4(4)T or later when using Cisco IOS IPS.
The following table lists all signatures supported in the IOS-S294.zip signature file, as of Cisco IOS Software Release 12.3(14)T or later. The list is sorted by signature ID. The signature name and signature engine information are also listed.
To download Cisco IOS IPS signature distribution packages, visit http://www.cisco.com/cgi-bin/tablebuild.pl/ios-sigup.

Feature History of Cisco IOS IPS

| Cisco IOS Software Release | Modification |
|---|---|
| 12.4(6)T | Session setup rate performance improvements |
| 12.4(3a)/12.4(4)T | STRING engine memory optimization |
| 12.4(4)T | MULTI-STRING engine support Trend Labs and Cisco Incident Control System (ICS); performance improvement; Distributed Threat Mitigation (DTM) |
| 12.4(2)T | Layer 2 Transparent IPS support |
| 12.3(14)T | Support for three string engines (STRING.TCP, STRING.UDP, and STRING.ICMP) |
| 12.3(8)T | Support for Security Device Event Exchange (SDEE) protocol and for ATOMIC.IP, ATOMIC.ICMP, ATOMIC.IPOPTIONS, ATOMIC.UDP, ATOMIC.TCP, SERVICE.DNS, SERVICE.RPC, SERVICE.SMTP, SERVICE.HTTP, SERVICE.FTP, and OTHER engines |

Reference:

• 12.3T New Features http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/index.htm

• 12.4T New Features http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/index.htm

• 12.6T New Features http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/124t6/index.htm

IOS-S294 Supported Full Signature List

The following table lists all signatures supported in Cisco IOS Software Release 12.3(14)T or later as of the IOS-S294.zip signature file. Signatures are sorted by signature ID. The signature name and signature engine are also listed.

| Signature ID | Signature Name | Engine |
|---|---|---|
| 1000-0 | BAD IP OPTION | ATOMIC.IPOPTIONS |
| 1001-0 | Record Packet Rte | ATOMIC.IPOPTIONS |
| 1002-0 | Timestamp | ATOMIC.IPOPTIONS |
| 1003-0 | Provide s,c,h,tcc | ATOMIC.IPOPTIONS |
| 1004-0 | Loose Src Rte | ATOMIC.IPOPTIONS |
| 1005-0 | SATNET ID | ATOMIC.IPOPTIONS |
| 1006-0 | Strict Src Rte | ATOMIC.IPOPTIONS |
| 1007-0 | IPv6 over IPv4 | ATOMIC.L3.IP |
| 1101-0 | Unknown IP Proto | ATOMIC.L3.IP |
| 1102-0 | Impossible IP packet | ATOMIC.L3.IP |
| 1104-0 | IP Localhost Source Spoof | ATOMIC.L3.IP |
| 1107-0 | RFC1918 address | ATOMIC.L3.IP |
| 1108-0 | IP Packet with Proto 11 | ATOMIC.L3.IP |
| 1109-0 | Cisco IOS Interface DoS | ATOMIC.L3.IP |
| 1109-1 | Cisco IOS Interface DoS | ATOMIC.L3.IP |
| 1109-2 | Cisco IOS Interface DoS | ATOMIC.L3.IP |
| 1109-3 | Cisco IOS Interface DoS | ATOMIC.L3.IP |
| 1201-0 | Frag Overlap | OTHER |
| 1202-0 | DGram too long | OTHER |
| 1203-0 | Frag Overwrite | OTHER |
| 1204-0 | No Initial Frag | OTHER |
| 1205-0 | Too Many Dgrams | OTHER |
| 1206-0 | Frag Too Small | OTHER |
| 1207-0 | Too Many Frags | OTHER |
| 1208-0 | Incomplete DGram | OTHER |
| 2000-0 | ICMP Echo Rply | ATOMIC.ICMP |
| 2001-0 | ICMP Host Unreachable | ATOMIC.ICMP |
| 2001-1 | ICMP Host Unreachable | ATOMIC.ICMP |
| 2002-0 | ICMP Src Quench | ATOMIC.ICMP |
| 2003-0 | ICMP Redirect | ATOMIC.ICMP |
| 2004-0 | ICMP Echo Req | ATOMIC.ICMP |
| 2005-0 | ICMP Time Exceed | ATOMIC.ICMP |
| 2006-0 | ICMP Param Prob | ATOMIC.ICMP |
| 2007-0 | ICMP Time Req | ATOMIC.ICMP |
| 2008-0 | ICMP Time Rply | ATOMIC.ICMP |
| 2009-0 | ICMP Info Req | ATOMIC.ICMP |
| 2010-0 | ICMP Info Rply | ATOMIC.ICMP |
| 2011-0 | ICMP Addr Msk Req | ATOMIC.ICMP |
| 2012-0 | ICMP Addr Msk Rply | ATOMIC.ICMP |
| 2150-0 | Fragmented ICMP | ATOMIC.ICMP |
| 2151-0 | Large ICMP | ATOMIC.L3.IP |
| 2154-0 | Ping Of Death | ATOMIC.L3.IP |
| 2155-0 | Modem DoS | STRING.ICMP |
| 2156-0 | Nachi Worm ICMP Echo Request | STRING.ICMP |
| 2157-0 | ICMP Hard Error DoS | ATOMIC.ICMP |
| 2157-1 | ICMP Hard Error DoS | ATOMIC.ICMP |
| 2157-2 | ICMP Hard Error DoS | ATOMIC.ICMP |
| 2201-0 | IGMP over fragmented IP | ATOMIC.L3.IP |
| 2202-0 | IGMP Invalid Packet DoS | ATOMIC.L3.IP |
| 3038-0 | TCP FRAG NULL Packet | ATOMIC.TCP |
| 3039-0 | TCP FRAG FIN Packet | ATOMIC.TCP |
| 3040-0 | TCP NULL Packet | ATOMIC.TCP |
| 3041-0 | TCP SYN/FIN Packet | ATOMIC.TCP |
| 3042-0 | TCP FIN Packet | ATOMIC.TCP |
| 3043-0 | TCP FRAG SYN/FIN Packet | ATOMIC.TCP |
| 3050-0 | Half-open Syn | OTHER |
| 3051-0 | TCP Connection Window Size DoS | ATOMIC.TCP |
| 3051-1 | TCP Connection Window Size DoS | ATOMIC.TCP |
| 3100-0 | SMTP RCPT TO | Bounce |
| 3101-0 | SMTP To | Bounce |
| 3102-0 | SMTP Invalid Sender | SERVICE.SMTP |
| 3103-0 | SMTP (EXPN or VRFY) | SERVICE.SMTP |
| 3103-1 | SMTP (EXPN or VRFY) | SERVICE.SMTP |
| 3104-0 | SMTP Archaic | SERVICE.SMTP |
| 3104-1 | SMTP Archaic | SERVICE.SMTP |
| 3105-0 | SMTP Decode | SERVICE.SMTP |
| 3106-0 | SMTP RCPT TO | |
| 3107-0 | SMTP Majordomo Attack | SERVICE.SMTP |
| 3108-0 | SMTP MIME Content Overflow | SERVICE.SMTP |
| 3109-0 | Long SMTP Command | SERVICE.SMTP |
| 3109-1 | Long SMTP Command | SERVICE.SMTP |
| 3110-0 | SMTP Suspicious Attachment | SERVICE.SMTP |
| 3111-0 | W32 Sircam Malicious Code | STRING.TCP |
| 3111-1 | W32 Sircam Malicious Code | STRING.TCP |
| 3112-0 | Lotus Notes Mail Loop DoS | SERVICE.SMTP |
| 3113-0 | Email Attachment with Malicious Payload | STRING.TCP |
| 3113-1 | Email Attachment with Malicious Payload | STRING.TCP |
| 3114-0 | Fetchmail Arbitrary Code Execution | STRING.TCP |
| 3115-0 | Sendmail Data Header Overflow | SERVICE.SMTP |
| 3115-3 | Sendmail Data Header Overflow | SERVICE.SMTP |
| 3116-0 | NetBus | STRING.TCP |
| 3117-0 | KLEZ worm | STRING.TCP |
| 3117-1 | KLEZ worm | STRING.TCP |
| 3118-0 | rwhoisd format string | STRING.TCP |
| 3119-0 | WS_FTP STAT overflow | STRING.TCP |
| 3120-0 | ANTS Virus | STRING.TCP |
| 3120-1 | ANTS Virus | STRING.TCP |
| 3121-0 | Vintra MailServer EXPN DoS | STRING.TCP |
| 3122-0 | SMTP EXPN root Recon | STRING.TCP |
| 3123-0 | NetBus Pro Traffic | ATOMIC.TCP |
| 3124-0 | Sendmail prescan Memory Corruption | SERVICE.SMTP |
| 3125-0 | Postfix 1.1.12 envelope address DoS | SERVICE.SMTP |
| 3126-0 | Postfix bounce scan | SERVICE.SMTP |
| 3127-0 | SMTP AUTH Brute Force Attempt | SERVICE.SMTP |
| 3128-1 | Exchange xexch50 overflow | STRING.TCP |
| 3129-0 | Mimail Virus C Variant File Attachment | SERVICE.SMTP |
| 3130-0 | Mimail Virus I Variant File Attachment | STRING.TCP |
| 3131-0 | Mimail Virus L Variant File Attachment | STRING.TCP |
| 3132-0 | Novarg / Mydoom Virus Mail Attachment | STRING.TCP |
| 3132-1 | Novarg / Mydoom Virus Mail Attachment | STRING.TCP |
| 3133-0 | Novarg / Mydoom Virus Mail Attachment Variant B | STRING.TCP |
| 3133-1 | Novarg / Mydoom Virus Mail Attachment Variant B | STRING.TCP |
| 3135-0 | MyDoom Virus Activity | STRING.TCP |
| 3135-1 | MyDoom Virus Activity | STRING.TCP |
| 3135-2 | MyDoom Virus Activity | STRING.TCP |
| 3135-3 | MyDoom Virus Activity | STRING.TCP |
| 3135-4 | MyDoom Virus Activity | STRING.TCP |
| 3135-5 | MyDoom Virus Activity | STRING.TCP |
| 3135-6 | MyDoom Virus Activity | STRING.TCP |
| 3135-7 | MyDoom Virus Activity | STRING.TCP |
| 3136-0 | Netsky Virus Activity | STRING.TCP |
| 3136-1 | Netsky Virus Activity | STRING.TCP |
| 3136-2 | Netsky Virus Activity | STRING.TCP |
| 3136-3 | Netsky Virus Activity | STRING.TCP |
| 3136-4 | Netsky Virus Activity | STRING.TCP |
| 3136-5 | Netsky Virus Activity | STRING.TCP |
| 3136-6 | Netsky Virus Activity | STRING.TCP |
| 3136-7 | Netsky Virus Activity | STRING.TCP |
| 3136-8 | Netsky Virus Activity | STRING.TCP |
| 3136-9 | Netsky Virus Activity | STRING.TCP |
| 3136-10 | Netsky Virus Activity | STRING.TCP |
| 3136-11 | Netsky Virus Activity | STRING.TCP |
| 3137-0 | Sober Virus Activity | STRING.TCP |
| 3137-1 | Sober Virus Activity | STRING.TCP |
| 3137-2 | Sober Virus Activity | STRING.TCP |
| 3137-3 | Sober Virus Activity | STRING.TCP |
| 3137-4 | Sober Virus Activity | STRING.TCP |
| 3137-5 | Sober Virus Activity | STRING.TCP |
| 3137-6 | Sober Virus Activity | STRING.TCP |
| 3138-0 | Bagle.C Virus Email Attachment | STRING.TCP |
| 3139-0 | Bagle.E Virus Email Attachment | STRING.TCP |
| 3140-0 | Bagle Virus Activity | STRING.TCP |
| 3140-1 | Bagle Virus Activity | STRING.TCP |
| 3140-2 | Bagle Virus Activity | STRING.TCP |
| 3140-3 | Bagle Virus Activity | SERVICE.HTTP |
| 3140-4 | Bagle Virus Activity | SERVICE.HTTP |
| 3140-5 | Bagle Virus Activity | STRING.TCP |
| 3140-6 | Bagle Virus Activity | STRING.TCP |
| 3140-7 | Bagle Virus Activity | STRING.TCP |
| 3140-8 | Bagle Virus Activity | STRING.TCP |
| 3140-9 | Bagle Virus Activity | STRING.TCP |
| 3140-10 | Bagle Virus Activity | STRING.TCP |
| 3140-11 | Bagle Virus Activity | STRING.TCP |
| 3140-12 | Bagle Virus Activity | STRING.TCP |
| 3140-13 | Bagle Virus Activity | STRING.TCP |
| 3140-14 | Bagle Virus Activity | STRING.TCP |
| 3140-15 | Bagle Virus Activity | STRING.TCP |
| 3140-16 | Bagle Virus Activity | STRING.TCP |
| 3140-17 | Bagle Virus Activity | STRING.TCP |
| 3140-18 | Bagle Virus Activity | STRING.TCP |
| 3140-19 | Bagle Virus Activity | STRING.TCP |
| 3141-0 | Lovgate Worm Activity | STRING.TCP |
| 3142-0 | Sasser Worm Activity | STRING.TCP |
| 3142-1 | Sasser Worm Activity | STRING.TCP |
| 3142-3 | Sasser Worm Activity | STRING.TCP |
| 3143-0 | BERBEW Trojan Activity | STRING.TCP |
| 3143-1 | BERBEW Trojan Activity | STRING.UDP |
| 3143-2 | BERBEW Trojan Activity | STRING.UDP |
| 3144-0 | Ratos Worm Activity | STRING.TCP |
| 3145-0 | ZAFI Worm Activity | STRING.TCP |
| 3145-1 | ZAFI Worm Activity | STRING.TCP |
| 3146-0 | Bropia Worm Activity | STRING.TCP |
| 3150-0 | FTP SITE | STRING.TCP |
| 3150-1 | FTP SITE | STRING.TCP |
| 3151-0 | FTP SYST | STRING.TCP |
| 3152-0 | FTP CWD ~root | STRING.TCP |
| 3153-0 | FTP Improper Address | SERVICE.FTP |
| 3154-0 | FTP Improper port | SERVICE.FTP |
| 3155-0 | FTP RETR \| exploit | STRING.TCP |
| 3156-0 | FTP STOR Pipe exploit | STRING.TCP |
| 3157-0 | FTP PASV Port Spoof | SERVICE.FTP |
| 3158-0 | FTP SITE EXEC Format String | STRING.TCP |
| 3159-0 | FTP PASS Suspicious Length | STRING.TCP |
| 3160-0 | Cesar FTP Buffer Overflow | STRING.TCP |
| 3161-0 | FTP realpath Buffer Overflow | STRING.TCP |
| 3161-1 | FTP realpath Buffer Overflow | STRING.TCP |
| 3162-0 | glFtpD LIST DoS | STRING.TCP |
| 3163-0 | wu-ftpd heap corruption | STRING.TCP |
| 3164-0 | Instant Server Mini Portal Directory Traversal | STRING.TCP |
| 3165-0 | FTP SITE EXEC | STRING.TCP |
| 3166-0 | FTP USER Suspicious Length | STRING.TCP |
| 3167-0 | Format String in FTP username | STRING.TCP |
| 3168-0 | FTP SITE EXEC Directory Traversal | STRING.TCP |
| 3169-0 | FTP SITE EXEC tar | STRING.TCP |
| 3170-0 | WS_FTP SITE CPWD Buffer Overflow | STRING.TCP |
| 3171-0 | Ftp Priviledged Login | STRING.TCP |
| 3171-1 | Ftp Privledged Login | STRING.TCP |
| 3172-0 | Ftp Cwd Overflow | STRING.TCP |
| 3173-0 | Long FTP Command | STRING.TCP |
| 3175-0 | ProFTPD STAT DoS | STRING.TCP |
| 3177-0 | Long MDTM Command | STRING.TCP |
| 3178-0 | Denial Of Service in Microsoft SMS Client | STRING.TCP |
| 3179-0 | ftpdchk DOS | STRING.TCP |
| 3180-0 | BakBone NetVault Remote Heap Overflow | STRING.TCP |
| 3180-1 | BakBone NetVault Remote Heap Overflow | STRING.TCP |
| 3181-0 | dSMTP Mail Server Format String Overflow | STRING.TCP |
| 3200-0 | WWW phf | SERVICE.HTTP |
| 3201-1 | Unix Password File Access Attempt | SERVICE.HTTP |
| 3201-2 | Unix Password File Access Attempt | SERVICE.HTTP |
| 3201-3 | Unix Password File Access Attempt | SERVICE.HTTP |
| 3201-4 | Unix Password File Access Attempt | SERVICE.HTTP |
| 3201-5 | Unix Password File Access Attempt | SERVICE.HTTP |
| 3201-6 | Unix Password File Access Attempt | SERVICE.HTTP |
| 3202-0 | WWW .url file | SERVICE.HTTP |
| 3203-0 | WWW .lnk file | SERVICE.HTTP |
| 3204-0 | WWW .bat file | SERVICE.HTTP |
| 3205-0 | HTML page has .url link | STRING.TCP |
| 3206-0 | HTML page has .lnk link | STRING.TCP |
| 3207-0 | HTML page has .bat link | STRING.TCP |
| 3208-0 | WWW campas attack | SERVICE.HTTP |
| 3209-0 | WWW glimpse server attack | SERVICE.HTTP |
| 3210-0 | WWW IIS View Source Bug | SERVICE.HTTP |
| 3210-1 | WWW IIS View Source Bug | SERVICE.HTTP |
| 3210-2 | WWW IIS View Source Bug | SERVICE.HTTP |
| 3210-3 | WWW IIS View Source Bug | SERVICE.HTTP |
| 3211-0 | WWW IIS Hex View Source Bug | SERVICE.HTTP |
| 3211-1 | WWW IIS Hex View Source Bug | SERVICE.HTTP |
| 3211-2 | WWW IIS Hex View Source Bug | SERVICE.HTTP |
| 3211-3 | WWW IIS Hex View Source Bug | SERVICE.HTTP |
| 3212-0 | WWW NPH-TEST-CGI Bug | SERVICE.HTTP |
| 3213-0 | WWW TEST-CGI Bug | SERVICE.HTTP |
| 3214-0 | IIS DOT DOT VIEW Attack | SERVICE.HTTP |
| 3215-0 | IIS DOT DOT EXECUTE Attack | SERVICE.HTTP |
| 3216-0 | WWW Directory Traversal ../.. | SERVICE.HTTP |
| 3217-0 | WWW php view file Bug | SERVICE.HTTP |
| 3218-0 | WWW SGI wrap bug | SERVICE.HTTP |
| 3219-0 | WWW php buffer overflow | SERVICE.HTTP |
| 3220-0 | WWW IIS Long URL Crash | SERVICE.HTTP |
| 3221-0 | WWW View Source GGI Bug | SERVICE.HTTP |
| 3222-0 | WWW PHP Log Scripts Read Attack | SERVICE.HTTP |
| 3223-0 | WWW Handler CGI BUG | SERVICE.HTTP |
| 3224-0 | WWW Webgais Bug | SERVICE.HTTP |
| 3225-0 | WWW websendmail File Access | SERVICE.HTTP |
| 3226-0 | WWW Webdist Bug | SERVICE.HTTP |
| 3227-0 | WWW Htmlscript Bug | SERVICE.HTTP |
| 3228-0 | WWW Perfomer Bug | SERVICE.HTTP |
| 3229-0 | WebSite win-c-sample buffer overflow | SERVICE.HTTP |
| 3230-0 | WebSite uploader | SERVICE.HTTP |
| 3231-0 | Novell convert Bug | SERVICE.HTTP |
| 3232-0 | WWW finger attempt | SERVICE.HTTP |
| 3233-0 | WWW count-cgi Overflow | SERVICE.HTTP |
| 3234-0 | IE Local Trusted Resource Execution | SERVICE.HTTP |
| 3234-1 | IE Local Trusted Resource Execution | SERVICE.HTTP |
| 3235-0 | showHelp CHM File Execution Weakness | STRING.TCP |
| 3235-1 | showHelp CHM File Execution Weakness | STRING.TCP |
| 3236-0 | IIS Path Disclosure | SERVICE.HTTP |
| 3254-0 | XML-RPC PHP Command Execution | SERVICE.HTTP |
| 3254-1 | XML-RPC PHP Command Execution | SERVICE.HTTP |
| 3255-0 | Apache Long HTTP Header DoS | SERVICE.HTTP |
| 3300-0 | Netbios OOB Data | ATOMIC.TCP |
| 3301-0 | NbtStat Query | ATOMIC.UDP |
| 3315-0 | Microsoft Windows 9x NetBIOS NULL Name Vulnerability | STRING.TCP |
| 3316-0 | Project1 DOS | STRING.TCP |
| 3325-0 | Samba call_trans2open Overflow | STRING.TCP |
| 3326-0 | Windows Startup Folder Remote Access | STRING.TCP |
| 3327-0 | Windows RPC DCOM Overflow | STRING.TCP |
| 3327-1 | Windows RPC DCOM Overflow | STRING.UDP |
| 3327-2 | Windows RPC DCOM Overflow | ATOMIC.TCP |
| 3327-3 | Windows RPC DCOM Overflow | ATOMIC.TCP |
| 3328-0 | Windows SMB/RPC NoOp Sled | STRING.TCP |
| 3328-2 | Windows SMB/RPC NoOp Sled | STRING.TCP |
| 3330-0 | Windows RPCSS Overflow 2 | STRING.TCP |
| 3331-1 | UDP MSRPC Messenger Overflow | STRING.UDP |
| 3331-2 | UDP MSRPC Messenger Overflow | STRING.UDP |
| 3336-0 | Windows ASN.1 Bit String NTLMv2 Integer Overflow | STRING.TCP |
| 3337-0 | Windows RPC Race Condition Exploitation | STRING.TCP |
| 3340-0 | Windows Shell External Handler | STRING.TCP |
| 3341-0 | Metasploit Activity | STRING.TCP |
| 3342-1 | Windows NetDDE Overflow | STRING.TCP |
| 3343-0 | Windows Account Locked | STRING.TCP |
| 3344-0 | Windows 2000 TCP RPC DoS | STRING.TCP |
| 3345-0 | RPC WinNuke | ATOMIC.TCP |
| 3346-0 | Windows TSShutdn.exe Attempt | STRING.TCP |
| 3347-0 | Windows ASN.1 Library Bit String Heap Corruption | SERVICE.HTTP |
| 3347-1 | Windows ASN.1 Library Bit String Heap Corruption | STRING.TCP |
| 3347-2 | Windows ASN.1 Library Bit String Heap Corruption | SERVICE.HTTP |
| 3400-0 | Sun Kill Telnet DOS | STRING.TCP |
| 3401-0 | IFS=/ | STRING.TCP |
| 3401-1 | IFS=/ | STRING.TCP |
| 3402-0 | BSD Telnet Daemon Buffer Overflow | STRING.TCP |
| 3402-1 | BSD Telnet Daemon Buffer Overflow | STRING.TCP |
| 3402-2 | BSD Telnet Daemon Buffer Overflow | STRING.TCP |
| 3402-3 | BSD Telnet Daemon Buffer Overflow | STRING.TCP |
| 3402-4 | BSD Telnet Daemon Buffer Overflow | STRING.TCP |
| 3403-0 | Telnet Excessive Environment Options | STRING.TCP |
| 3404-0 | SysV /bin/login Overflow | STRING.TCP |
| 3404-1 | SysV /bin/login Overflow | STRING.TCP |
| 3405-0 | Avirt Gateway proxy Telnet Buffer Overflow | STRING.TCP |
| 3406-0 | Solaris TTYPROMPT /bin/login Overflow | STRING.TCP |
| 3407-0 | Telnet Client NEW ENVIRON Option Overflow | STRING.TCP |
| 3408-0 | Telnet Client LINEMODE SLC Option Overflow | STRING.TCP |
| 3409-0 | Telnet Over Non-standard Ports | STRING.TCP |
| 3409-1 | Telnet Over Non-standard Ports | STRING.TCP |
| 3409-2 | Telnet Over Non-standard Ports | STRING.TCP |
| 3450-0 | Finger Bomb | STRING.TCP |
| 3451-0 | BearShare Directory Traversal | STRING.TCP |
| 3452-0 | gopherd halidate Overflow | STRING.TCP |
| 3453-0 | MS NetMeeting RDS DoS | STRING.TCP |
| 3454-0 | CheckPoint Firewall Information Leak | STRING.TCP |
| 3455-0 | Java Web Server Cmd Exec | STRING.TCP |
| 3456-0 | Solaris in.fingerd Information Leak | STRING.TCP |
| 3456-1 | Solaris in.fingerd Information Leak | STRING.TCP |
| 3456-3 | Solaris in.fingerd Information Leak | STRING.TCP |
| 3457-0 | Finger root shell | STRING.TCP |
| 3458-0 | AIM game invite overflow | STRING.TCP |
| 3459-0 | ValiCert forms.exe overflow | STRING.TCP |
| 3459-1 | ValiCert forms.exe overflow | STRING.TCP |
| 3461-0 | Finger probe | STRING.TCP |
| 3462-0 | Finger Redirect | STRING.TCP |
| 3463-0 | Finger root | STRING.TCP |
| 3464-0 | File access in finger | STRING.TCP |
| 3465-0 | Finger Activity | STRING.TCP |
| 3466-0 | RAS/PPTP Malformed Control Packet DOS | STRING.TCP |
| 3500-0 | rlogin -froot | STRING.TCP |
| 3501-0 | Rlogin Long TERM Variable | STRING.TCP |
| 3502-0 | rlogin Activity | STRING.TCP |
| 3525-0 | Imap Auth Overflow | STRING.TCP |
| 3526-0 | Imap Login Overflow | STRING.TCP |
| 3527-0 | UW imapd Overflows | STRING.TCP |
| 3527-1 | UW imapd Overflows | STRING.TCP |
| 3527-2 | UW imapd Overflows | STRING.TCP |
| 3527-3 | UW imapd Overflows | STRING.TCP |
| 3527-4 | UW imapd Overflows | STRING.TCP |
| 3527-5 | UW imapd Overflows | STRING.TCP |
| 3527-6 | UW imapd Overflows | STRING.TCP |
| 3528-0 | IPSwitch IMail DELETE Command Overflow | STRING.TCP |
| 3529-0 | IMAP Long EXAMINE Command | STRING.TCP |
| 3534-0 | IMAP Long AUTHENTICATE Command | STRING.TCP |
| 3537-0 | MailEnable HTTP Authorization Buffer Overflow | STRING.TCP |
| 3540-0 | Cisco Secure ACS CSAdmin attack | STRING.TCP |
| 3550-0 | POP Overflow | STRING.TCP |
| 3551-0 | POP User Root | STRING.TCP |
| 3575-0 | Inn Overflow | STRING.TCP |
| 3576-0 | Inn Control Message | STRING.TCP |
| 3577-0 | IMAP LOGIN Command Invalid Username | STRING.TCP |
| 3578-0 | IMAP Format String | STRING.TCP |
| 3602-0 | IOS Cisco Identification | STRING.TCP |
| 3604-0 | Cisco Catalyst CR DoS | STRING.TCP |
| 3652-0 | SSH Gobbles | STRING.TCP |
| 3700-0 | CDE dtspcd Overflow | STRING.TCP |
| 3701-0 | Oracle 9iAS Web Cache Buffer Overflow | SERVICE.HTTP |
| 3703-0 | Squid FTP URL Buffer Overflow | STRING.TCP |
| 3704-0 | IIS FTP STAT Denial of Service | STRING.TCP |
| 3705-0 | Tivoli Storage Manager Client Acceptor Overflow | SERVICE.HTTP |
| 3706-0 | MIT PGP Public Key Server Overflow | STRING.TCP |
| 3707-0 | Perl fingerd Command Exec | STRING.TCP |
| 3708-0 | AnalogX Proxy Socks4a DNS Overflow | STRING.TCP |
| 3709-0 | AnalogX Proxy Web Proxy Overflow | STRING.TCP |
| 3710-0 | Cisco Securce ACS Directory Traversal | SERVICE.HTTP |
| 3711-0 | FireWall1 auth replay DoS | STRING.TCP |
| 3714-0 | Oracle TNS 'Service_Name' Overflow | STRING.TCP |
| 3716-0 | GDI+ JPEG Buffer Overflow | STRING.TCP |
| 3716-1 | GDI+ JPEG Buffer Overflow | STRING.TCP |
| 3718-0 | Windows ANI File DOS | STRING.TCP |
| 3719-0 | MSN Messenger PNG Overflow | STRING.TCP |
| 3728-0 | Long pop username | STRING.TCP |
| 3729-0 | Long pop password | STRING.TCP |
| 3730-0 | Trinoo (TCP) | STRING.TCP |
| 3730-1 | Trinoo (TCP) | STRING.TCP |
| 3731-0 | IMail HTTP Get Buffer Overflow | STRING.TCP |
| 3732-0 | MSSQL xp_cmdshell Usage | STRING.TCP |
| 3733-0 | Real Server Format Overflow | STRING.TCP |
| 3734-0 | Cfengine Overflow | STRING.TCP |
| 3735-0 | CVS Flag Insertion Overflow | STRING.TCP |
| 3736-0 | Subversion get-dated-rev overflow | STRING.TCP |
| 3737-0 | Squid proxy NTLM auth overflow | STRING.TCP |
| 3738-0 | CVS Argumentx Vulnerability | STRING.TCP |
| 3739-0 | Nullsoft SHOUTcast Format String Attack | SERVICE.HTTP |
| 3782-0 | mIRC DCC Send Buffer Overflow | STRING.TCP |
| 3783-0 | BrightStor Backup UDP Probe Overflow | STRING.UDP |
| 3784-0 | BrightStor Discovery Service SERVICEPC Overflow | STRING.TCP |
| 3785-0 | Oracle 9i XDB FTP UNLOCK Buffer Overflow | STRING.TCP |
| 3786-0 | Oracle 9i XDB FTP PASS Buffer Overflow | STRING.TCP |
| 3787-0 | IRIX Printing System Remote Command Execution | STRING.TCP |
| 3788-0 | Solaris LPD Remote Command Execution | STRING.TCP |
| 3790-0 | HP Openview Omniback II Command Execution | STRING.TCP |
| 3791-0 | Solaris Printd Unlink File Deletion | STRING.TCP |
| 3792-0 | Long Telnet Username | STRING.TCP |
| 3793-0 | ZENworks 6.5 Authentication Overflow | STRING.TCP |
| 3802-0 | Oracle iSQL*PLus Overflow | SERVICE.HTTP |
| 3883-0 | Apache mod_proxy Buffer Overflow | STRING.TCP |
| 3884-0 | Cfengine Authentication Heap Based Buffer Overflow | STRING.TCP |
| 4050-0 | UDP Bomb | ATOMIC.UDP |
| 4051-1 | Snork | ATOMIC.UDP |
| 4051-2 | Snork | ATOMIC.UDP |
| 4051-3 | Snork | ATOMIC.UDP |
| 4052-1 | Chargen DoS | ATOMIC.UDP |
| 4052-2 | Chargen DoS | ATOMIC.UDP |
| 4054-0 | RIP Trace | STRING.UDP |
| 4054-1 | RIP Trace | STRING.UDP |
| 4060-0 | Back Orifice Ping | STRING.UDP |
| 4060-1 | Back Orifice Ping | STRING.UDP |
| 4061-0 | Chargen Echo DoS | ATOMIC.UDP |
| 4062-0 | Cisco CSS 11000 Malformed UDP DoS | ATOMIC.UDP |
| 4100-0 | Tftp passwd | STRING.UDP |
| 4101-0 | Cisco TFTPD Directory Traversal | STRING.UDP |
| 4150-0 | Ascend Kill | STRING.UDP |
| 4151-0 | BOBAX Virus Activity | STRING.TCP |
| 4151-1 | BOBAX Virus Activity | STRING.TCP |
| 4513-0 | Cisco SNMP Message Processing DoS | STRING.UDP |
| 4514-0 | SNMP Community String Public | STRING.UDP |
| 4600-0 | IOS Udp Bomb | ATOMIC.UDP |
| 4601-0 | CheckPoint Firewall RDP ByPass | STRING.UDP |
| 4601-1 | CheckPoint Firewall RDP ByPass | STRING.UDP |
| 4601-2 | CheckPoint Firewall RDP ByPass | STRING.UDP |
| 4601-3 | CheckPoint Firewall RDP ByPass | STRING.UDP |
| 4602-0 | Beagle (Bagle) Virus DNS Lookup | STRING.UDP |
| 4602-1 | Beagle (Bagle) Virus DNS Lookup | STRING.UDP |
| 4602-2 | Beagle (Bagle) Virus DNS Lookup | STRING.TCP |
| 4603-0 | DHCP Discover | STRING.UDP |
| 4604-0 | DHCP Request | STRING.UDP |
| 4605-0 | DHCP Offer | STRING.UDP |
| 4606-0 | Cisco TFTP Long Filename Buffer Overflow | STRING.UDP |
| 4607-0 | Deep Throat Response | STRING.UDP |
| 4607-1 | Deep Throat Response | STRING.UDP |
| 4607-2 | Deep Throat Response | STRING.UDP |
| 4607-3 | Deep Throat Response | STRING.UDP |
| 4607-4 | Deep Throat Response | STRING.UDP |
| 4608-0 | Trinoo (UDP) | STRING.UDP |
| 4608-1 | Trinoo (UDP) | STRING.UDP |
| 4608-2 | Trinoo (UDP) | STRING.UDP |
| 4609-0 | Orinoco SNMP Info Leak | STRING.UDP |
| 4610-0 | Kerberos 4 User Recon | STRING.UDP |
| 4611-0 | D-Link DWL-900AP+ TFTP Config Retrieve | STRING.UDP |
| 4612-0 | Cisco IP Phone TFTP Config Retrieve | STRING.UDP |
| 4613-0 | TFTP Filename Buffer Overflow | STRING.UDP |
| 4615-0 | Beagle.B (Bagle.B) Virus DNS Lookup | STRING.UDP |
| 4615-1 | Beagle.B (Bagle.B) Virus DNS Lookup | STRING.UDP |
| 4617-0 | PoPToP PPtP Short Length Overflow | STRING.TCP |
| 4617-1 | PoPToP PPtP Short Length Overflow | STRING.TCP |
| 4619-0 | Invalid DHCP Packet | ATOMIC.UDP |
| 4620-0 | DNS Limited Broadcast Query | ATOMIC.UDP |
| 4701-0 | MSSQL Resolution Service Stack Overflow | STRING.UDP |
| 4702-0 | MSSQL Resolution Service Heap Overflow | STRING.UDP |
| 5034-0 | WWW IIS newdsn attack | SERVICE.HTTP |
| 5035-0 | WWW faxsurvey? | SERVICE.HTTP |
| 5036-1 | WWW Windows Password File Access Attempt | SERVICE.HTTP |
| 5036-2 | WWW Windows Password File Access Attempt | SERVICE.HTTP |
| 5037-0 | WWW MachineInfo attempt | SERVICE.HTTP |
| 5038-0 | WWW wwwsql file read Bug | SERVICE.HTTP |
| 5039-0 | WWW finger attempt | SERVICE.HTTP |
| 5040-1 | WWW perl interpreter attack | SERVICE.HTTP |
| 5040-2 | WWW perl interpreter attack | SERVICE.HTTP |
| 5040-3 | WWW perl interpreter attack | SERVICE.HTTP |
| 5041-0 | WWW anyform attack | SERVICE.HTTP |
| 5042-1 | WWW valid shell access attempt | SERVICE.HTTP |
| 5042-2 | WWW valid shell access attempt | SERVICE.HTTP |
| 5042-3 | WWW valid shell access attempt | SERVICE.HTTP |
| 5042-4 | WWW valid shell access attempt | SERVICE.HTTP |
| 5042-5 | WWW valid shell access attempt | SERVICE.HTTP |
| 5042-6 | WWW valid shell access attempt | SERVICE.HTTP |
| 5043-1 | WWW Cold Fusion Attack | SERVICE.HTTP |
| 5043-2 | WWW Cold Fusion Attack | SERVICE.HTTP |
| 5043-3 | WWW Cold Fusion Attack | SERVICE.HTTP |
| 5044-0 | WWW Webcom.se Guestbook attack | SERVICE.HTTP |
| 5045-0 | WWW xterm display attack | SERVICE.HTTP |
| 5046-0 | WWW dumpenv.pl recon | SERVICE.HTTP |
| 5047-0 | WWW Server Side Include POST attack | SERVICE.HTTP |
| 5048-0 | WWW IIS BAT EXE attack | SERVICE.HTTP |
| 5049-0 | WWW IIS showcode.asp access | SERVICE.HTTP |
| 5050-0 | WWW IIS .htr Overflow | SERVICE.HTTP |
| 5051-0 | WWW IIS double-byte attack | SERVICE.HTTP |
| 5051-1 | WWW IIS double-byte attack | SERVICE.HTTP |
| 5051-2 | WWW IIS double-byte attack | SERVICE.HTTP |
| 5052-0 | WWW VTI Open attempt | SERVICE.HTTP |
| 5053-0 | WWW VTI bin list attempt | SERVICE.HTTP |
| 5054-0 | WWW WWWBoard attack | SERVICE.HTTP |
| 5055-0 | WWW Basic Auth Overflow | SERVICE.HTTP |
| 5056-0 | WWW Cisco IOS %% DoS | SERVICE.HTTP |
| 5057-0 | WWW Sambar Samples | SERVICE.HTTP |
| 5057-1 | WWW Sambar Samples | SERVICE.HTTP |
| 5058-0 | WWW info2www attack | SERVICE.HTTP |
| 5059-0 | WWW Alibaba attack | SERVICE.HTTP |
| 5059-1 | WWW Alibaba attack | SERVICE.HTTP |
| 5059-2 | WWW Alibaba attack | SERVICE.HTTP |
| 5060-0 | WWW Excite AT-generate.cgi access | SERVICE.HTTP |
| 5061-0 | WWW catalog_type.asp access | SERVICE.HTTP |
| 5062-0 | WWW classifieds.cgi attack | SERVICE.HTTP |
| 5063-0 | WWW dbmlparser.exe access | SERVICE.HTTP |
| 5064-0 | WWW imagemap.cgi attack | SERVICE.HTTP |
| 5065-0 | WWW IRIX infosrch.cgi attack | SERVICE.HTTP |
| 5066-0 | WWW man.sh access | SERVICE.HTTP |
| 5067-0 | WWW plusmail attack | SERVICE.HTTP |
| 5068-0 | WWW formmail.pl access | SERVICE.HTTP |
| 5069-0 | WWW whois_raw.cgi attack | SERVICE.HTTP |
| 5070-0 | WWW msadcs.dll access | SERVICE.HTTP |
| 5071-0 | WWW msadcs.dll attack | SERVICE.HTTP |
| 5072-0 | WWW bizdb1-search.cgi attack | SERVICE.HTTP |
| 5073-0 | WWW EZShopper loadpage.cgi attack | SERVICE.HTTP |
| 5074-0 | WWW EZShopper search.cgi attack | SERVICE.HTTP |
| 5075-0 | WWW IIS Virtualized UNC Bug | SERVICE.HTTP |
| 5076-0 | WWW webplus bug | SERVICE.HTTP |
| 5077-0 | WWW Excite AT-admin.cgi access | SERVICE.HTTP |
| 5078-0 | WWW Piranha passwd attack | SERVICE.HTTP |
| 5079-0 | WWW PCCS MySQL admin access | SERVICE.HTTP |
| 5080-0 | WWW IBM WebSphere access | SERVICE.HTTP |
| 5081-0 | WWW WinNT cmd.exe access | SERVICE.HTTP |
| 5083-0 | WWW Virtual Vision FTP browser access | SERVICE.HTTP |
| 5084-0 | WWW Alibaba attack 2 | SERVICE.HTTP |
| 5084-1 | WWW Alibaba attack 2 | SERVICE.HTTP |
| 5085-0 | WWW IIS Source Fragment access | SERVICE.HTTP |
| 5086-0 | WWW WEBactive Logfile access | SERVICE.HTTP |
| 5087-0 | WWW Sun Java Server access | SERVICE.HTTP |
| 5087-1 | WWW Sun Java Server access | SERVICE.HTTP |
| 5088-0 | WWW Akopia MiniVend access | SERVICE.HTTP |
| 5089-0 | WWW Big Brother directory access | SERVICE.HTTP |
| 5090-0 | WWW Frontpage htimage.exe access | SERVICE.HTTP |
| 5091-0 | WWW Cart32 Remote Admin access | SERVICE.HTTP |
| 5091-1 | WWW Cart32 Remote Admin access | SERVICE.HTTP |
| 5092-0 | WWW CGI-World Poll It access | SERVICE.HTTP |
| 5093-0 | WWW PHP-Nuke admin.php3 access | SERVICE.HTTP |
| 5095-0 | WWW CGI Script Center Account Manager attack | SERVICE.HTTP |
| 5096-0 | WWW CGI Script Center Subscribe Me attack | SERVICE.HTTP |
| 5097-0 | WWW FrontPage MS-DOS Device attack | SERVICE.HTTP |
| 5097-1 | WWW FrontPage MS-DOS Device attack | SERVICE.HTTP |
| 5097-2 | WWW FrontPage MS-DOS Device attack | SERVICE.HTTP |
| 5099-0 | WWW GWScripts News Publisher access | SERVICE.HTTP |
| 5100-0 | WWW CGI Center Auction Weaver file access | SERVICE.HTTP |
| 5101-0 | WWW CGI Center Auction Weaver attack | SERVICE.HTTP |
| 5102-0 | WWW phpPhotoAlbum explorer.php access | SERVICE.HTTP |
| 5103-0 | WWW SuSE Apache CGI Source access | SERVICE.HTTP |
| 5104-0 | WWW YaBB file access | SERVICE.HTTP |
| 5105-0 | WWW Randy Johnson mailto.cgi attack | SERVICE.HTTP |
| 5106-0 | WWW Randy Johnson mailform.pl access | SERVICE.HTTP |
| 5107-0 | WWW Mandrake Linux /perl access | SERVICE.HTTP |
| 5108-0 | WWW Netegrity SiteMinder access | SERVICE.HTTP |
| 5108-1 | WWW Netegrity SiteMinder access | SERVICE.HTTP |
| 5108-2 | WWW Netegrity SiteMinder access | SERVICE.HTTP |
| 5109-0 | WWW Sambar Beta search.dll access | SERVICE.HTTP |
| 5109-1 | WWW Sambar Beta search.dll access | SERVICE.HTTP |
| 5110-0 | WWW SuSE Installed Packages access | SERVICE.HTTP |
| 5111-0 | WWW Solaris AnswerBook 2 access | SERVICE.HTTP |
| 5112-0 | WWW Solaris AnswerBook 2 attack | SERVICE.HTTP |
| 5113-0 | WWW CommuniGate Pro access | SERVICE.HTTP |
| 5114-0 | WWW IIS Unicode attack | SERVICE.HTTP |
| 5114-1 | WWW IIS Unicode attack | SERVICE.HTTP |
| 5114-2 | WWW IIS Unicode attack | SERVICE.HTTP |
| 5114-3 | WWW IIS Unicode attack | SERVICE.HTTP |