Cisco IOS Intrusion Prevention System (IPS)

Cisco IOS IPS Supported Signature List in 5.x Signature Format

Overview

In Cisco IOS Software Release 12.4(11)T and later releases, Cisco IOS IPS supports the 5.x signature format. Cisco posts signature packages in 5.x signature format at the following location: http://www.cisco.com/pcgi-bin/tablebuild.pl/ios-v5sigup.
With support for the 5.x signature format, IOS IPS supports NDA (encrypted) signatures, which are not supported by the 4.x signature format. This document lists the signatures supported by IOS IPS in 12.4(11)T and later releases.

Feature History of Cisco IOS IPS

| Cisco IOS Software Release | Modification |
|---|---|
| 12.4(15)T | Native support for Microsoft SMB and MSRPC protocol signatures |
| 12.4(11)T | Support for: encrypted signatures; Risk Rating value in IPS alarms; Signature Event Action Processor (SEAP); Cisco IPS version 5.x signature format; IDCONF-based configuration (available only with 12.4(11)T2 or later); automatic signature package downloads from a local server |
| 12.4(3a)/12.4(4)T | STRING engine memory optimization |
| 12.4(4)T | MULTI-STRING engine support for Trend Labs and Cisco Incident Control System (ICS); performance improvement; Distributed Threat Mitigation (DTM) |
| 12.4(2)T | Layer 2 Transparent IPS support |
| 12.3(14)T | Support for three string engines (STRING.TCP, STRING.UDP, and STRING.ICMP) |
| 12.3(8)T | Support for Security Device Event Exchange (SDEE) protocol and for ATOMIC.IP, ATOMIC.ICMP, ATOMIC.IPOPTIONS, ATOMIC.UDP, ATOMIC.TCP, SERVICE.DNS, SERVICE.RPC, SERVICE.SMTP, SERVICE.HTTP, SERVICE.FTP, and OTHER engines |

Reference:

• 12.4T New Features: http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124newft/124t/index.htm

IOS-S294-CLI.pkg Supported Signature List

The following table lists all signatures supported in Cisco IOS Software Release 12.4(11)T or later releases as of the IOS-S294-CLI.pkg file. Signatures are sorted by signature ID; the signature name and signature engine are also listed.

| Signature ID | Signature Name | Signature Engine |
|---|---|---|
| 1000-0 | IP options-Bad Option List | atomic-ip |
| 1001-0 | IP options-Record Packet Route | atomic-ip |
| 1002-0 | IP options-Timestamp | atomic-ip |
| 1003-0 | IP options-Provide s,c,h,tcc | atomic-ip |
| 1004-0 | IP options-Loose Source Route | atomic-ip |
| 1005-0 | IP options-SATNET ID | atomic-ip |
| 1006-0 | IP options-Strict Source Route | atomic-ip |
| 1007-0 | IPv6 over IPv4 | atomic-ip |
| 1101-0 | Unknown IP Protocol | atomic-ip |
| 1102-0 | Impossible IP Packet | atomic-ip |
| 1104-0 | IP Localhost Source Spoof | atomic-ip |
| 1107-0 | RFC 1918 Addresses Seen | atomic-ip |
| 1108-0 | IP Packet with Proto 11 | atomic-ip |
| 1109-0 | Cisco IOS Interface DoS | atomic-ip |
| 1109-1 | Cisco IOS Interface DoS | atomic-ip |
| 1109-2 | Cisco IOS Interface DoS | atomic-ip |
| 1109-3 | Cisco IOS Interface DoS | atomic-ip |
| 1201-0 | IP Fragment Overlap | normalizer |
| 1202-0 | IP Fragment Overrun - Datagram Too Long | normalizer |
| 1203-0 | IP Fragment Overwrite - Data is Overwritten | normalizer |
| 1204-0 | IP Fragment Missing Initial Fragment | normalizer |
| 1205-0 | IP Fragment Too Many Datagrams | normalizer |
| 1206-0 | IP Fragment Too Small | normalizer |
| 1207-0 | IP Fragment Too Many Fragments in a Datagram | normalizer |
| 1208-0 | IP Fragment Incomplete Datagram | normalizer |
| 2000-0 | ICMP Echo Reply | atomic-ip |
| 2001-0 | ICMP Host Unreachable | atomic-ip |
| 2001-1 | ICMP Host Unreachable | atomic-ip |
| 2002-0 | ICMP Source Quench | atomic-ip |
| 2003-0 | ICMP Redirect | atomic-ip |
| 2004-0 | ICMP Echo Request | atomic-ip |
| 2005-0 | ICMP Time Exceeded for a Datagram | atomic-ip |
| 2006-0 | ICMP Parameter Problem on Datagram | atomic-ip |
| 2007-0 | ICMP Timestamp Request | atomic-ip |
| 2008-0 | ICMP Timestamp Reply | atomic-ip |
| 2009-0 | ICMP Information Request | atomic-ip |
| 2010-0 | ICMP Information Reply | atomic-ip |
| 2011-0 | ICMP Address Mask Request | atomic-ip |
| 2012-0 | ICMP Address Mask Reply | atomic-ip |
| 2150-0 | Fragmented ICMP Traffic | atomic-ip |
| 2151-0 | Large ICMP Traffic | atomic-ip |
| 2154-0 | Ping of Death Attack | atomic-ip |
| 2155-0 | Modem DoS | string-icmp |
| 2156-0 | Nachi Worm ICMP Echo Request | string-icmp |
| 2157-0 | ICMP Hard Error DoS | atomic-ip |
| 2157-1 | ICMP Hard Error DoS | atomic-ip |
| 2157-2 | ICMP Hard Error DoS | atomic-ip |
| 2158-0 | Nachi Worm ICMP Echo Request | atomic-ip |
| 2201-0 | IGMP over fragmented IP | atomic-ip |
| 2202-0 | IGMP Invalid Packet DoS | atomic-ip |
| 3038-0 | Fragmented NULL TCP Packet | atomic-ip |
| 3039-0 | Fragmented Orphaned FIN packet | atomic-ip |
| 3040-0 | TCP NULL Packet | atomic-ip |
| 3041-0 | TCP SYN/FIN Packet | atomic-ip |
| 3042-0 | Orphaned Fin Packet | atomic-ip |
| 3043-0 | Fragmented SYN/FIN Packet | atomic-ip |
| 3050-0 | Half-open SYN Attack | normalizer |
| 3051-0 | TCP Connection Window Size RST DoS | atomic-ip |
| 3051-1 | TCP Connection Window Size RST DoS | atomic-ip |
| 3100-0 | SMTP RCPT TO: Bounce | state |
| 3101-0 | Sendmail Invalid Recipient | state |
| 3102-0 | Sendmail Invalid Sender | state |
| 3103-0 | Sendmail Reconnaissance | state |
| 3103-1 | Sendmail Reconnaissance | state |
| 3104-0 | Archaic Sendmail Attacks | state |
| 3104-1 | Archaic Sendmail Attacks | state |
| 3105-0 | Sendmail Decode Alias | state |
| 3106-0 | Mail Spam | state |
| 3107-0 | Majordomo Execute Attack | state |
| 3108-0 | SMTP MIME Content Overflow | state |
| 3109-0 | Long SMTP Command | state |
| 3109-1 | Long SMTP Command | state |
| 3110-0 | Suspicious Mail Attachment | state |
| 3111-0 | W32 Sircam Malicious Code | string-tcp |
| 3111-1 | W32 Sircam Malicious Code | string-tcp |
| 3112-0 | Lotus Domino Mail Loop DoS | state |
| 3113-0 | Email Attachment with Malicious Payload | string-tcp |
| 3113-1 | Email Attachment with Malicious Payload | string-tcp |
| 3114-0 | FetchMail Arbitrary Code Execution | string-tcp |
| 3115-0 | Sendmail Data Header Overflow | state |
| 3115-3 | Sendmail Data Header Overflow | state |
| 3116-0 | Netbus | string-tcp |
| 3117-0 | KLEZ Worm | string-tcp |
| 3117-1 | KLEZ worm | string-tcp |
| 3118-0 | rwhoisd format string | string-tcp |
| 3119-0 | WS_FTP STAT Overflow | string-tcp |
| 3120-0 | ANTS Virus | string-tcp |
| 3120-1 | ANTS Virus | string-tcp |
| 3121-0 | Vintra MailServer EXPN DoS | string-tcp |
| 3122-0 | SMTP EXPN root Recon | string-tcp |
| 3123-0 | NetBus Pro Traffic | atomic-ip |
| 3124-0 | Sendmail prescan Memory Corruption | state |
| 3125-0 | Postfix 1.1.12 envelope address DoS | state |
| 3126-0 | Postfix bounce scan | state |
| 3128-0 | Exchange xexch50 overflow | state |
| 3128-1 | Exchange xexch50 overflow | string-tcp |
| 3129-0 | Mimail Virus C Variant File Attachment | state |
| 3130-0 | Mimail Virus I Variant File Attachment | string-tcp |
| 3131-0 | Mimail Virus L Variant File Attachment | string-tcp |
| 3132-0 | Novarg / Mydoom Virus Mail Attachment | string-tcp |
| 3132-1 | Novarg / Mydoom Virus Mail Attachment | string-tcp |
| 3133-0 | Novarg / Mydoom Virus Mail Attachment Variant B | string-tcp |
| 3133-1 | Novarg / Mydoom Virus Mail Attachment Variant B | string-tcp |
| 3134-0 | DoomJuice Worm network probe | string-tcp |
| 3135-0 | MyDoom Virus Activity | string-tcp |
| 3135-1 | MyDoom Virus Activity | string-tcp |
| 3135-2 | MyDoom Virus Activity | string-tcp |
| 3135-3 | MyDoom Virus Activity | string-tcp |
| 3135-4 | MyDoom Virus Activity | string-tcp |
| 3135-5 | MyDoom Virus Activity | string-tcp |
| 3135-6 | MyDoom Virus Activity | string-tcp |
| 3135-7 | MyDoom Virus Activity | string-tcp |
| 3136-0 | Netsky Virus Activity | string-tcp |
| 3136-1 | Netsky Virus Activity | string-tcp |
| 3136-2 | Netsky Virus Activity | string-tcp |
| 3136-3 | Netsky Virus Activity | string-tcp |
| 3136-4 | Netsky Virus Activity | string-tcp |
| 3136-5 | Netsky Virus Activity | string-tcp |
| 3136-6 | Netsky Virus Activity | string-tcp |
| 3136-7 | Netsky Virus Activity | string-tcp |
| 3136-8 | Netsky Virus Activity | string-tcp |
| 3136-9 | Netsky Virus Activity | string-tcp |
| 3136-10 | Netsky Virus Activity | string-tcp |
| 3136-11 | Netsky Virus Activity | string-tcp |
| 3137-0 | Sober Virus Activity | string-tcp |
| 3137-1 | Sober Virus Activity | string-tcp |
| 3137-2 | Sober Virus Activity | string-tcp |
| 3137-3 | Sober Virus Activity | string-tcp |
| 3137-4 | Sober Virus Activity | string-tcp |
| 3137-5 | Sober Virus Activity | string-tcp |
| 3137-6 | Sober Virus Activity | string-tcp |
| 3138-0 | Bagle.C Virus Email Attachment | string-tcp |
| 3139-0 | Bagle.E Virus Email Attachment | string-tcp |
| 3140-0 | Bagle Virus Activity | string-tcp |
| 3140-1 | Bagle Virus Activity | string-tcp |
| 3140-2 | Bagle Virus Activity | string-tcp |
| 3140-3 | Bagle Virus Activity | service-http |
| 3140-4 | Bagle Virus Activity | service-http |
| 3140-5 | Bagle Virus Activity | string-tcp |
| 3140-6 | Bagle Virus Activity | string-tcp |
| 3140-7 | Bagle Virus Activity | string-tcp |
| 3140-8 | Bagle Virus Activity | string-tcp |
| 3140-9 | Bagle Virus Activity | string-tcp |
| 3140-10 | Bagle Virus Activity | string-tcp |
| 3140-11 | Bagle Virus Activity | string-tcp |
| 3140-12 | Bagle Virus Activity | string-tcp |
| 3140-13 | Bagle Virus Activity | string-tcp |
| 3140-14 | Bagle Virus Activity | string-tcp |
| 3140-15 | Bagle Virus Activity | string-tcp |
| 3140-16 | Bagle Virus Activity | string-tcp |
| 3140-17 | Bagle Virus Activity | string-tcp |
| 3140-18 | Bagle Virus Activity | string-tcp |
| 3140-19 | Bagle Virus Activity | string-tcp |
| 3141-0 | Lovgate Worm Activity | string-tcp |
| 3142-0 | Sasser Worm Activity | string-tcp |
| 3142-1 | Sasser Worm Activity | string-tcp |
| 3142-3 | Sasser Worm Activity | string-tcp |
| 3143-0 | BERBEW Trojan Activity | string-tcp |
| 3143-1 | BERBEW Trojan Activity | string-udp |
| 3143-2 | BERBEW Trojan Activity | string-udp |
| 3143-3 | BERBEW Trojan Activity | atomic-ip |
| 3143-4 | BERBEW Trojan Activity | atomic-ip |
| 3144-0 | Ratos Worm Activity | string-tcp |
| 3145-0 | ZAFI Worm Activity | string-tcp |
| 3145-1 | ZAFI Worm Activity | string-tcp |
| 3146-0 | Bropia Worm Activity | string-tcp |
| 3150-0 | FTP Remote Command Execution | string-tcp |
| 3150-1 | FTP Remote Command Execution | string-tcp |
| 3151-0 | FTP SYST Command Attempt | string-tcp |
| 3152-0 | FTP CWD ~root | string-tcp |
| 3153-0 | FTP Improper Address Specified | service-ftp |
| 3154-0 | FTP Improper Port Specified | service-ftp |
| 3155-0 | FTP RETR Pipe Filename Command Execution | string-tcp |
| 3156-0 | FTP STOR Pipe Filename Command Execution | string-tcp |
| 3157-0 | FTP PASV Port Spoof | service-ftp |
| 3158-0 | FTP SITE EXEC Format String | string-tcp |
| 3159-0 | FTP PASS Suspicious Length | string-tcp |
| 3160-0 | Cesar FTP Buffer Overflow | string-tcp |
| 3161-0 | FTP realpath Buffer Overflow | string-tcp |
| 3161-1 | FTP realpath Buffer Overflow | string-tcp |
| 3162-0 | glFtpD LIST DoS | string-tcp |
| 3163-0 | WU-FTPD Heap Corruption | string-tcp |
| 3164-0 | Instant Server Mini Portal Directory Traversal | string-tcp |
| 3165-0 | FTP SITE EXEC | string-tcp |
| 3166-0 | FTP USER Suspicious Length | string-tcp |
| 3167-0 | Format String in FTP username | string-tcp |
| 3168-0 | FTP SITE EXEC Directory Traversal | string-tcp |
| 3169-0 | FTP SITE EXEC tar | string-tcp |
| 3170-0 | WS_FTP SITE CPWD Buffer Overflow | string-tcp |
| 3171-0 | Ftp Priviledged Login | string-tcp |
| 3171-1 | Ftp Priviledged Login | string-tcp |
| 3172-0 | Ftp Cwd Overflow | string-tcp |
| 3173-0 | Long FTP Command | string-tcp |
| 3175-0 | ProFTPD STAT DoS | string-tcp |
| 3177-0 | Long MDTM Command | string-tcp |
| 3178-0 | Denial Of Service in Microsoft SMS Client | string-tcp |
| 3179-0 | ftpdchk DOS | string-tcp |
| 3180-0 | BakBone NetVault Remote Heap Overflow | string-tcp |
| 3180-1 | BakBone NetVault Remote Heap Overflow | string-tcp |
| 3181-0 | dSMTP Mail Server Format String Overflow | string-tcp |
| 3200-0 | WWW Phf Attack | service-http |
| 3201-1 | Unix Password File Access Attempt | service-http |
| 3201-2 | Unix Password File Access Attempt | service-http |
| 3201-3 | Unix Password File Access Attempt | service-http |
| 3201-4 | Unix Password File Access Attempt | service-http |
| 3201-5 | Unix Password File Access Attempt | service-http |
| 3201-6 | Unix Password File Access Attempt | service-http |
| 3202-0 | WWW .url File Requested | service-http |
| 3203-0 | WWW .lnk File Requested | service-http |
| 3204-0 | WWW .bat File Requested | service-http |
| 3205-0 | HTML File Has .url Link | string-tcp |
| 3206-0 | HTML File Has .lnk Link | string-tcp |
| 3207-0 | HTML File Has .bat Link | string-tcp |
| 3208-0 | WWW Campas Attack | service-http |
| 3209-0 | WWW Glimpse Server Attack | service-http |
| 3210-0 | WWW IIS View Source Attack | service-http |
| 3210-1 | WWW IIS View Source Attack | service-http |
| 3210-2 | WWW IIS View Source Attack | service-http |
| 3210-3 | WWW IIS View Source Attack | service-http |
| 3211-0 | WWW IIS Hex View Source Attack | service-http |
| 3211-1 | WWW IIS Hex View Source Attack | service-http |
| 3211-2 | WWW IIS Hex View Source Attack | service-http |
| 3211-3 | WWW IIS Hex View Source Attack | service-http |
| 3212-0 | WWW NPH-TEST-CGI Attack | service-http |
| 3213-0 | WWW TEST-CGI Attack | service-http |
| 3214-0 | IIS DOT DOT VIEW Attack | service-http |
| 3215-0 | IIS DOT DOT EXECUTE Attack | service-http |
| 3216-0 | WWW Directory Traversal ../.. | service-http |
| 3217-0 | WWW php View File Attack | service-http |
| 3218-0 | WWW SGI Wrap Attack | service-http |
| 3219-0 | WWW PHP Buffer Overflow | service-http |
| 3220-0 | IIS Long URL Attack | service-http |
| 3221-0 | WWW CGI-Viewsource Attack | service-http |
| 3222-0 | WWW PHP Log Scripts Read Attack | service-http |
| 3223-0 | WWW IRIX cgi-handler Attack | service-http |
| 3224-0 | HTTP WebGais | service-http |
| 3225-0 | WWW websendmail File Access | service-http |
| 3226-0 | WWW Webdist Bug | service-http |
| 3227-0 | WWW Htmlscript Bug | service-http |
| 3228-0 | WWW Performer Attack | service-http |
| 3229-0 | Website Win-C-Sample Buffer Overflow | service-http |
| 3230-0 | Website Uploader | service-http |
| 3231-0 | Novell Convert Attack | service-http |
| 3232-0 | WWW finger attempt | service-http |
| 3233-0 | WWW count-cgi Overflow | service-http |
| 3234-0 | IE Local Trusted Resource Execution | service-http |
| 3234-1 | IE Local Trusted Resource Execution | service-http |
| 3235-0 | showHelp CHM File Execution Weakness | string-tcp |
| 3235-1 | showHelp CHM File Execution Weakness | string-tcp |
| 3236-0 | IIS Path Disclosure | service-http |
| 3252-0 | Microsoft Agent ActiveX Control | string-tcp |
| 3253-0 | HTTP Request Smuggling | service-http |
| 3254-0 | XML-RPC PHP Command Execution | service-http |
| 3254-1 | XML-RPC PHP Command Execution | service-http |
| 3255-0 | Apache Long HTTP Header DoS | service-http |
| 3300-0 | NetBIOS OOB Data | atomic-ip |
| 3301-0 | NETBIOS Stat | atomic-ip |
| 3314-0 | Windows Locator Service Overflow | string-tcp |
| 3315-0 | Microsoft Windows 9x NetBIOS NULL Name Vulnerability | string-tcp |
| 3316-0 | Project1 DOS | string-tcp |
| 3317-0 | LSASS DCE RPC Request | string-tcp |
| 3318-0 | DsRolerUpgradeDownlevelServer Request | string-tcp |
| 3319-0 | DCE RPC Request | string-tcp |
| 3325-0 | Samba call_trans2open Overflow | string-tcp |
| 3326-0 | Windows Startup Folder Remote Access | string-tcp |
| 3327-0 | Windows RPC DCOM Overflow | service-msrpc |
| 3327-1 | Windows RPC DCOM Overflow | string-udp |
| 3327-2 | Windows RPC DCOM Overflow | atomic-ip |
| 3327-3 | Windows RPC DCOM Overflow | atomic-ip |
| 3327-4 | Windows RPC DCOM Overflow | service-msrpc |
| 3327-5 | Windows RPC DCOM Overflow | atomic-ip |
| 3327-6 | Windows RPC DCOM Overflow | string-tcp |
| 3327-7 | Windows RPC DCOM Overflow | string-tcp |
| 3327-8 | Windows RPC DCOM Overflow | service-msrpc |
| 3327-9 | Windows RPC DCOM Overflow | string-tcp |
| 3327-10 | Windows RPC DCOM Overflow | string-tcp |
| 3327-12 | Windows RPC DCOM Overflow | service-msrpc |
| 3327-13 | Windows RPC DCOM Overflow | string-tcp |
| 3328-0 | Windows SMB/RPC NoOp Sled | string-tcp |
| 3328-1 | Windows SMB/RPC NoOp Sled | service-msrpc |
| 3328-2 | Windows SMB/RPC NoOp Sled | string-tcp |
| 3328-3 | Windows SMB/RPC NoOp Sled | service-msrpc |
| 3329-0 | Windows RPCSS Overflow | service-msrpc |
| 3330-0 | Windows RPCSS Overflow 2 | service-msrpc |
| 3331-0 | UDP MSRPC Messenger Overflow | string-udp |
| 3331-1 | UDP MSRPC Messenger Overflow | string-udp |
| 3331-2 | UDP MSRPC Messenger Overflow | service-msrpc |
| 3331-3 | UDP MSRPC Messenger Overflow | atomic-ip |
| 3331-4 | UDP MSRPC Messenger Overflow | atomic-ip |
| 3332-0 | TCP MSRPC Messenger Overflow | service-msrpc |
| 3333-0 | SMB MSRPC Messenger Overflow | string-tcp |
| 3334-2 | Windows Workstation Service Overflow | string-tcp |
| 3334-5 | Windows Workstation Service Overflow | service-msrpc |
| 3334-6 | Windows Workstation Service Overflow | service-msrpc |
| 3334-7 | Windows Workstation Service Overflow | string-tcp |
| 3336-0 | Windows ASN.1 Bit String NTLMv2 Integer Overflow | string-tcp |
| 3337-0 | Windows RPC Race Condition Exploitation | service-msrpc |
| 3338-2 | Windows LSASS RPC Overflow | service-msrpc |
| 3338-3 | Windows LSASS RPC Overflow | service-msrpc |
| 3340-0 | Windows Shell External Handler | string-tcp |
| 3341-0 | Metasploit Activity | string-tcp |
| 3342-1 | Windows NetDDE Overflow | string-tcp |
| 3343-0 | Windows Account Locked | string-tcp |
| 3344-0 | Windows 2000 TCP RPC DoS | string-tcp |
| 3345-0 | RPC WinNuke | atomic-ip |
| 3346-0 | Windows TSShutdn.exe Attempt | string-tcp |
| 3347-0 | Windows ASN.1 Library Bit String Heap Corruption | service-http |
| 3347-1 | Windows ASN.1 Library Bit String Heap Corruption | string-tcp |
| 3347-2 | Windows ASN.1 Library Bit String Heap Corruption | service-http |
| 3353-0 | SMB Request Overflow | string-tcp |
| 3357-0 | Invalid Netbios Name | atomic-ip |
| 3400-0 | Sun Kill Telnet DoS | string-tcp |
| 3401-0 | Telnet-IFS Match | string-tcp |
| 3401-1 | Telnet-IFS Match | string-tcp |
| 3402-0 | BSD Telnet Daemon Buffer Overflow | string-tcp |
| 3402-1 | BSD Telnet Daemon Buffer Overflow | string-tcp |
| 3402-2 | BSD Telnet Daemon Buffer Overflow | string-tcp |
| 3402-3 | BSD Telnet Daemon Buffer Overflow | string-tcp |
| 3402-4 | BSD Telnet Daemon Buffer Overflow | string-tcp |
| 3403-0 | Telnet Excessive Environment Options | string-tcp |
| 3404-0 | SysV /bin/login Overflow | string-tcp |
| 3404-1 | SysV /bin/login Overflow | string-tcp |
| 3405-0 | Avirt Gateway Proxy Buffer Overflow | string-tcp |
| 3406-0 | Solaris TTYPROMPT /bin/login Overflow | string-tcp |
| 3407-0 | Telnet Client NEW ENVIRON Option Overflow | string-tcp |
| 3408-0 | Telnet Client LINEMODE SLC Option Overflow | string-tcp |
| 3409-0 | Telnet Over Non-standard Ports | string-tcp |
| 3409-1 | Telnet Over Non-standard Ports | string-tcp |
| 3409-2 | Telnet Over Non-standard Ports | string-tcp |
| 3450-0 | Finger Bomb | string-tcp |
| 3451-0 | BearShare Directory Traversal | string-tcp |
| 3452-0 | Gopherd Halidate Overflow | string-tcp |
| 3453-0 | MS NetMeeting RDS DoS | string-tcp |
| 3454-0 | Check Point Firewall Information Leak | string-tcp |
| 3455-0 | Java Web Server Cmd Exec | string-tcp |
| 3456-0 | Solaris in.fingerd Information Leak | string-tcp |
| 3456-1 | Solaris in.fingerd Information Leak | string-tcp |
| 3456-3 | Solaris in.fingerd Information Leak | string-tcp |
| 3457-0 | Finger root shell | string-tcp |
| 3458-0 | AIM game invite overflow | string-tcp |
| 3459-0 | ValiCert Forms.exe Overflow | string-tcp |
| 3459-1 | ValiCert Forms.exe Overflow | string-tcp |
| 3461-0 | Finger probe | string-tcp |
| 3462-0 | Finger Redirect | string-tcp |
| 3463-0 | Finger root | string-tcp |
| 3464-0 | File access in finger | string-tcp |
| 3465-0 | Finger Activity | string-tcp |
| 3466-0 | RAS/PPTP Malformed Control Packet DOS | string-tcp |
| 3500-0 | Rlogin -froot Attack | string-tcp |
| 3501-0 | Rlogin Long TERM Variable | string-tcp |
| 3502-0 | rlogin Activity | string-tcp |
| 3525-0 | IMAP Authenticate Buffer Overflow | string-tcp |
| 3526-0 | Imap Login Buffer Overflow | string-tcp |
| 3527-0 | UW imapd Overflows | string-tcp |
| 3527-1 | UW imapd Overflows | string-tcp |
| 3527-2 | UW imapd Overflows | string-tcp |
| 3527-3 | UW imapd Overflows | string-tcp |
| 3527-4 | UW imapd Overflows | string-tcp |
| 3527-5 | UW imapd Overflows | string-tcp |
| 3527-6 | UW imapd Overflows | string-tcp |
| 3528-0 | IPSwitch IMail DELETE Command Overflow | string-tcp |
| 3529-0 | IMAP Long EXAMINE Command | string-tcp |
| 3533-0 | Cisco IOS Misformed BGP Packet DoS | string-tcp |
| 3534-0 | IMAP Long AUTHENTICATE Command | string-tcp |
| 3537-0 | MailEnable HTTP Authorization Buffer Overflow | string-tcp |
| 3540-0 | Cisco Secure ACS CSAdmin Attack | string-tcp |
| 3550-0 | POP Buffer Overflow | string-tcp |
| 3551-0 | POP User Root | string-tcp |
| 3575-0 | INN Buffer Overflow | string-tcp |
| 3576-0 | INN Control Message Exploit | string-tcp |
| 3577-0 | IMAP LOGIN Command Invalid Username | string-tcp |
| 3578-0 | IMAP Format String | string-tcp |
| 3600-0 | IOS Telnet Buffer Overflow | state |
| 3601-0 | IOS Command History Exploit | state |
| 3602-0 | IOS Cisco Identification | string-tcp |
| 3603-0 | IOS Enable Bypass | state |
| 3604-0 | Cisco Catalyst CR DoS | string-tcp |
| 3652-0 | SSH Gobbles | string-tcp |
| 3700-0 | CDE dtspcd Overflow | string-tcp |
| 3701-0 | Oracle 9iAS Web Cache Buffer Overflow | service-http |
| 3703-0 | Squid FTP URL Buffer Overflow | string-tcp |
| 3704-0 | IIS FTP STAT Denial of Service | string-tcp |
| 3705-0 | Tivoli Storage Manager Client Acceptor Overflow | service-http |
| 3706-0 | MIT PGP Public Key Server Overflow | string-tcp |
| 3707-0 | Perl fingerd Command Exec | string-tcp |
| 3708-0 | AnalogX Proxy Socks4a DNS Overflow | string-tcp |
| 3709-0 | AnalogX Proxy Web Proxy Overflow | string-tcp |
| 3710-0 | Cisco Secure ACS Directory Traversal | service-http |
| 3711-0 | Informer FW1 Auth Replay DoS | string-tcp |
| 3714-0 | Oracle TNS 'Service_Name' Overflow | string-tcp |
| 3716-0 | GDI+ JPEG Buffer Overflow | string-tcp |
| 3716-1 | GDI+ JPEG Buffer Overflow | string-tcp |
| 3718-0 | Windows .ANI File DoS | string-tcp |
| 3719-0 | MSN Messenger PNG Overflow | string-tcp |
| 3728-0 | Long pop username | string-tcp |
| 3729-0 | Long pop password | string-tcp |
| 3730-0 | Trinoo (TCP) | string-tcp |
| 3730-1 | Trinoo (TCP) | string-tcp |
| 3731-0 | IMail HTTP Get Buffer Overflow | string-tcp |
| 3732-0 | MSSQL xp_cmdshell Usage | string-tcp |
| 3733-0 | Real Server Format Overflow | string-tcp |
| 3734-0 | Cfengine Overflow | string-tcp |
| 3735-0 | CVS Flag Insertion Overflow | string-tcp |
| 3736-0 | Subversion get-dated-rev overflow | string-tcp |
| 3737-0 | Squid Proxy NTLM Authenticate Overflow | string-tcp |
| 3738-0 | CVS Argumentx Vulnerability | string-tcp |
| 3739-0 | Nullsoft SHOUTcast Format String Attack | service-http |
| 3740-0 | IMail LDAP Service Buffer Overflow | string-tcp |
| 3782-0 | mIRC DCC Send Buffer Overflow | string-tcp |
| 3783-0 | BrightStor Backup Discovery UDP Probe Overflow | string-udp |
| 3784-0 | BrightStor Discovery Service SERVICEPC Overflow | string-tcp |
| 3785-0 | Oracle 9i XDB FTP UNLOCK Buffer Overflow | string-tcp |
| 3786-0 | Oracle 9i XDB FTP PASS Buffer Overflow | string-tcp |
| 3787-0 | IRIX Printing System Remote Command Execution | string-tcp |
| 3788-0 | Solaris LPD Remote Command Execution | string-tcp |
| 3789-0 | DistCC Daemon Command Execution | string-tcp |
| 3790-0 | HP Openview Omniback II Command Execution | string-tcp |
| 3791-0 | Solaris Printd Unlink File Deletion | string-tcp |
| 3792-0 | Long Telnet Username | string-tcp |
| 3793-0 | ZENworks 6.5 Authentication Overflow | string-tcp |
| 3802-0 | Oracle iSQL*PLus Overflow | service-http |
| 3883-0 | Apache mod_proxy Buffer Overflow | string-tcp |
| 3884-0 | Cfengine Authentication Heap Based Buffer Overflow | string-tcp |
| 4050-0 | UDP Bomb | atomic-ip |
| 4051-1 | Snork | atomic-ip |
| 4051-2 | Snork | atomic-ip |
| 4051-3 | Snork | atomic-ip |
| 4052-1 | Chargen DoS | atomic-ip |
| 4052-2 | Chargen DoS | atomic-ip |
| 4054-0 | RIP Trace | string-udp |
| 4054-1 | RIP Trace | string-udp |
| 4058-0 | UPnP LOCATION Overflow | string-udp |
| 4058-1 | UPnP LOCATION Overflow | string-tcp |
| 4058-2 | UPnP LOCATION Overflow | atomic-ip |
| 4060-0 | Back Orifice Ping | string-udp |
| 4060-1 | Back Orifice Ping | string-udp |
| 4061-0 | Chargen Echo DoS | atomic-ip |
| 4062-0 | Cisco CSS 11000 Malformed UDP DoS | atomic-ip |
| 4067-0 | Malformed IKE Packet DoS | string-udp |
| 4068-0 | DoS NBT Stream | atomic-ip |
| 4100-0 | Tftp Passwd File | string-udp |
| 4101-0 | Cisco TFTPD Directory Traversal | string-udp |
| 4150-0 | Ascend Denial of Service | string-udp |
| 4151-0 | BOBAX Virus Activity | string-tcp |
| 4151-1 | BOBAX Virus Activity | string-tcp |
| 4513-0 | Cisco SNMP Message Processing DoS | string-udp |
| 4514-0 | SNMP Community String Public | string-udp |
| 4515-0 | Cisco IP/VC Embedded Community Names | string-udp |
| 4515-1 | Cisco IP/VC Embedded Community Names | string-udp |
| 4600-0 | IOS UDP Bomb | atomic-ip |
| 4601-0 | CheckPoint Firewall RDP ByPass | string-udp |
| 4601-1 | CheckPoint Firewall RDP Bypass | string-udp |
| 4601-2 | CheckPoint Firewall RDP Bypass | string-udp |
| 4601-3 | CheckPoint Firewall RDP Bypass | string-udp |
| 4602-0 | Beagle (Bagle) Virus DNS Lookup | string-udp |
| 4602-1 | Beagle (Bagle) Virus DNS Lookup | string-udp |
| 4602-2 | Beagle (Bagle) Virus DNS Lookup | string-tcp |
| 4602-3 | Beagle (Bagle) Virus DNS Lookup | atomic-ip |
| 4602-4 | Beagle (Bagle) Virus DNS Lookup | atomic-ip |
| 4603-0 | DHCP Discover | string-udp |
| 4604-0 | DHCP Request | string-udp |
| 4604-1 | DHCP Request | atomic-ip |
| 4605-0 | DHCP Offer | string-udp |
| 4605-1 | DHCP Offer | atomic-ip |
| 4606-0 | Cisco TFTP Long Filename Buffer Overflow | string-udp |
| 4606-1 | Cisco TFTP Long Filename Buffer Overflow | atomic-ip |
| 4607-0 | Deep Throat Response | string-udp |
| 4607-1 | Deep Throat Response | string-udp |
| 4607-2 | Deep Throat Response | string-udp |
| 4607-3 | Deep Throat Response | string-udp |
| 4607-4 | Deep Throat Response | string-udp |
| 4607-5 | Deep Throat Response | atomic-ip |
| 4607-6 | Deep Throat Response | atomic-ip |
| 4607-7 | Deep Throat Response | atomic-ip |
| 4607-8 | Deep Throat Response | atomic-ip |
| 4607-9 | Deep Throat Response | atomic-ip |
| 4608-0 | Trinoo (UDP) | string-udp |
| 4608-1 | Trinoo (UDP) | string-udp |
| 4608-2 | Trinoo (UDP) | string-udp |
| 4608-3 | Trinoo (UDP) | atomic-ip |
| 4608-4 | Trinoo (UDP) | atomic-ip |
| 4608-5 | Trinoo (UDP) | atomic-ip |
| 4609-0 | Orinoco SNMP Info Leak | string-udp |
| 4609-1 | Orinoco SNMP Info Leak | atomic-ip |
| 4610-0 | Kerberos 4 User Recon | string-udp |
| 4610-1 | Kerberos 4 User Recon | atomic-ip |
| 4611-0 | D-Link DWL-900AP+ TFTP Config Retrieve | string-udp |
| 4611-1 | D-Link DWL-900AP+ TFTP Config Retrieve | atomic-ip |
| 4612-0 | Cisco IP Phone TFTP Config Retrieve | string-udp |
| 4612-1 | Cisco IP Phone TFTP Config Retrieve | atomic-ip |
| 4613-0 | TFTP Filename Buffer Overflow | string-udp |
| 4613-1 | TFTP Filename Buffer Overflow | atomic-ip |
| 4615-0 | Beagle.B (Bagle.B) Virus DNS Lookup | string-udp |
| 4615-1 | Beagle.B (Bagle.B) Virus DNS Lookup | string-udp |
| 4615-2 | Beagle.B (Bagle.B) Virus DNS Lookup | atomic-ip |
| 4615-3 | Beagle.B (Bagle.B) Virus DNS Lookup | atomic-ip |
| 4617-0 | PoPToP PPtP Short Length Overflow | string-tcp |
| 4617-1 | PoPToP PPtP Short Length Overflow | string-tcp |
| 4619-0 | Invalid DHCP Packet | atomic-ip |
| 4620-0 | DNS Limited Broadcast Query | atomic-ip |
| 4701-0 | MSSQL Resolution Service Stack Overflow | string-udp |
| 4702-0 | MSSQL Resolution Service Heap Overflow | string-udp |
| 4703-0 | MSSQL Resolution Service Stack Overflow | atomic-ip |
| 4704-0 | MSSQL Resolution Service Heap Overflow | atomic-ip |
| 5034-0 | WWW IIS newdsn attack | service-http |
| 5035-0 | HTTP cgi HylaFAX Faxsurvey | service-http |
| 5036-1 | WWW Windows Password File Access Attempt | service-http |
| 5036-2 | WWW Windows Password File Access Attempt | service-http |
| 5037-0 | WWW SGI MachineInfo Attack | service-http |
| 5038-0 | WWW wwwsql file read Bug | service-http |
| 5039-0 | WWW finger attempt | service-http |
| 5040-1 | WWW perl interpreter attack | service-http |
| 5040-2 | WWW perl interpreter attack | service-http |
| 5040-3 | WWW perl interpreter attack | service-http |
| 5041-0 | WWW anyform attack | service-http |
| 5042-1 | WWW valid shell access attempt | service-http |
| 5042-2 | WWW valid shell access attempt | service-http |
| 5042-3 | WWW valid shell access attempt | service-http |
| 5042-4 | WWW valid shell access attempt | service-http |
| 5042-5 | WWW valid shell access attempt | service-http |
| 5042-6 | WWW valid shell access attempt | service-http |
| 5043-1 | WWW Cold Fusion Attack | service-http |
| 5043-2 | WWW Cold Fusion Attack | service-http |
| 5043-3 | WWW Cold Fusion Attack | service-http |
| 5044-0 | WWW Webcom.se Guestbook attack | service-http |
| 5045-0 | WWW xterm display attack | service-http |
| 5046-0 | WWW dumpenv.pl recon | service-http |
| 5047-0 | WWW Server Side Include POST attack | service-http |
| 5048-0 | WWW IIS BAT EXE attack | service-http |