|
Signature ID
|
Signature Name
|
Signature Engine
|
|
1000-0
|
IP options-Bad Option List
|
atomic-ip
|
|
1001-0
|
IP options-Record Packet Route
|
atomic-ip
|
|
1002-0
|
IP options-Timestamp
|
atomic-ip
|
|
1003-0
|
IP options-Provide s,c,h,tcc
|
atomic-ip
|
|
1004-0
|
IP options-Loose Source Route
|
atomic-ip
|
|
1005-0
|
IP options-SATNET ID
|
atomic-ip
|
|
1006-0
|
IP options-Strict Source Route
|
atomic-ip
|
|
1007-0
|
IPv6 over IPv4
|
atomic-ip
|
|
1101-0
|
Unknown IP Protocol
|
atomic-ip
|
|
1102-0
|
Impossible IP Packet
|
atomic-ip
|
|
1104-0
|
IP Localhost Source Spoof
|
atomic-ip
|
|
1107-0
|
RFC 1918 Addresses Seen
|
atomic-ip
|
|
1108-0
|
IP Packet with Proto 11
|
atomic-ip
|
|
1109-0
|
Cisco IOS Interface DoS
|
atomic-ip
|
|
1109-1
|
Cisco IOS Interface DoS
|
atomic-ip
|
|
1109-2
|
Cisco IOS Interface DoS
|
atomic-ip
|
|
1109-3
|
Cisco IOS Interface DoS
|
atomic-ip
|
|
1201-0
|
IP Fragment Overlap
|
normalizer
|
|
1202-0
|
IP Fragment Overrun - Datagram Too Long
|
normalizer
|
|
1203-0
|
IP Fragment Overwrite - Data is Overwritten
|
normalizer
|
|
1204-0
|
IP Fragment Missing Initial Fragment
|
normalizer
|
|
1205-0
|
IP Fragment Too Many Datagrams
|
normalizer
|
|
1206-0
|
IP Fragment Too Small
|
normalizer
|
|
1207-0
|
IP Fragment Too Many Fragments in a Datagram
|
normalizer
|
|
1208-0
|
IP Fragment Incomplete Datagram
|
normalizer
|
|
2000-0
|
ICMP Echo Reply
|
atomic-ip
|
|
2001-0
|
ICMP Host Unreachable
|
atomic-ip
|
|
2001-1
|
ICMP Host Unreachable
|
atomic-ip
|
|
2002-0
|
ICMP Source Quench
|
atomic-ip
|
|
2003-0
|
ICMP Redirect
|
atomic-ip
|
|
2004-0
|
ICMP Echo Request
|
atomic-ip
|
|
2005-0
|
ICMP Time Exceeded for a Datagram
|
atomic-ip
|
|
2006-0
|
ICMP Parameter Problem on Datagram
|
atomic-ip
|
|
2007-0
|
ICMP Timestamp Request
|
atomic-ip
|
|
2008-0
|
ICMP Timestamp Reply
|
atomic-ip
|
|
2009-0
|
ICMP Information Request
|
atomic-ip
|
|
2010-0
|
ICMP Information Reply
|
atomic-ip
|
|
2011-0
|
ICMP Address Mask Request
|
atomic-ip
|
|
2012-0
|
ICMP Address Mask Reply
|
atomic-ip
|
|
2150-0
|
Fragmented ICMP Traffic
|
atomic-ip
|
|
2151-0
|
Large ICMP Traffic
|
atomic-ip
|
|
2154-0
|
Ping of Death Attack
|
atomic-ip
|
|
2155-0
|
Modem DoS
|
string-icmp
|
|
2156-0
|
Nachi Worm ICMP Echo Request
|
string-icmp
|
|
2157-0
|
ICMP Hard Error DoS
|
atomic-ip
|
|
2157-1
|
ICMP Hard Error DoS
|
atomic-ip
|
|
2157-2
|
ICMP Hard Error DoS
|
atomic-ip
|
|
2158-0
|
Nachi Worm ICMP Echo Request
|
atomic-ip
|
|
2201-0
|
IGMP over fragmented IP
|
atomic-ip
|
|
2202-0
|
IGMP Invalid Packet DoS
|
atomic-ip
|
|
3038-0
|
Fragmented NULL TCP Packet
|
atomic-ip
|
|
3039-0
|
Fragmented Orphaned FIN packet
|
atomic-ip
|
|
3040-0
|
TCP NULL Packet
|
atomic-ip
|
|
3041-0
|
TCP SYN/FIN Packet
|
atomic-ip
|
|
3042-0
|
Orphaned Fin Packet
|
atomic-ip
|
|
3043-0
|
Fragmented SYN/FIN Packet
|
atomic-ip
|
|
3050-0
|
Half-open SYN Attack
|
normalizer
|
|
3051-0
|
TCP Connection Window Size RST DoS
|
atomic-ip
|
|
3051-1
|
TCP Connection Window Size RST DoS
|
atomic-ip
|
|
3100-0
|
SMTP RCPT TO: Bounce
|
state
|
|
3101-0
|
Sendmail Invalid Recipient
|
state
|
|
3102-0
|
Sendmail Invalid Sender
|
state
|
|
3103-0
|
Sendmail Reconnaissance
|
state
|
|
3103-1
|
Sendmail Reconnaissance
|
state
|
|
3104-0
|
Archaic Sendmail Attacks
|
state
|
|
3104-1
|
Archaic Sendmail Attacks
|
state
|
|
3105-0
|
Sendmail Decode Alias
|
state
|
|
3106-0
|
Mail Spam
|
state
|
|
3107-0
|
Majordomo Execute Attack
|
state
|
|
3108-0
|
SMTP MIME Content Overflow
|
state
|
|
3109-0
|
Long SMTP Command
|
state
|
|
3109-1
|
Long SMTP Command
|
state
|
|
3110-0
|
Suspicious Mail Attachment
|
state
|
|
3111-0
|
W32 Sircam Malicious Code
|
string-tcp
|
|
3111-1
|
W32 Sircam Malicious Code
|
string-tcp
|
|
3112-0
|
Lotus Domino Mail Loop DoS
|
state
|
|
3113-0
|
Email Attachment with Malicious Payload
|
string-tcp
|
|
3113-1
|
Email Attachment with Malicious Payload
|
string-tcp
|
|
3114-0
|
FetchMail Arbitrary Code Execution
|
string-tcp
|
|
3115-0
|
Sendmail Data Header Overflow
|
state
|
|
3115-3
|
Sendmail Data Header Overflow
|
state
|
|
3116-0
|
Netbus
|
string-tcp
|
|
3117-0
|
KLEZ Worm
|
string-tcp
|
|
3117-1
|
KLEZ worm
|
string-tcp
|
|
3118-0
|
rwhoisd format string
|
string-tcp
|
|
3119-0
|
WS_FTP STAT Overflow
|
string-tcp
|
|
3120-0
|
ANTS Virus
|
string-tcp
|
|
3120-1
|
ANTS Virus
|
string-tcp
|
|
3121-0
|
Vintra MailServer EXPN DoS
|
string-tcp
|
|
3122-0
|
SMTP EXPN root Recon
|
string-tcp
|
|
3123-0
|
NetBus Pro Traffic
|
atomic-ip
|
|
3124-0
|
Sendmail prescan Memory Corruption
|
state
|
|
3125-0
|
Postfix 1.1.12 envelope address DoS
|
state
|
|
3126-0
|
Postfix bounce scan
|
state
|
|
3128-0
|
Exchange xexch50 overflow
|
state
|
|
3128-1
|
Exchange xexch50 overflow
|
string-tcp
|
|
3129-0
|
Mimail Virus C Variant File Attachment
|
state
|
|
3130-0
|
Mimail Virus I Variant File Attachment
|
string-tcp
|
|
3131-0
|
Mimail Virus L Variant File Attachment
|
string-tcp
|
|
3132-0
|
Novarg / Mydoom Virus Mail Attachment
|
string-tcp
|
|
3132-1
|
Novarg / Mydoom Virus Mail Attachment
|
string-tcp
|
|
3133-0
|
Novarg / Mydoom Virus Mail Attachment Variant B
|
string-tcp
|
|
3133-1
|
Novarg / Mydoom Virus Mail Attachment Variant B
|
string-tcp
|
|
3134-0
|
DoomJuice Worm network probe
|
string-tcp
|
|
3135-0
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-1
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-2
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-3
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-4
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-5
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-6
|
MyDoom Virus Activity
|
string-tcp
|
|
3135-7
|
MyDoom Virus Activity
|
string-tcp
|
|
3136-0
|
Netsky Virus Activity
|
string-tcp
|
|
3136-1
|
Netsky Virus Activity
|
string-tcp
|
|
3136-2
|
Netsky Virus Activity
|
string-tcp
|
|
3136-3
|
Netsky Virus Activity
|
string-tcp
|
|
3136-4
|
Netsky Virus Activity
|
string-tcp
|
|
3136-5
|
Netsky Virus Activity
|
string-tcp
|
|
3136-6
|
Netsky Virus Activity
|
string-tcp
|
|
3136-7
|
Netsky Virus Activity
|
string-tcp
|
|
3136-8
|
Netsky Virus Activity
|
string-tcp
|
|
3136-9
|
Netsky Virus Activity
|
string-tcp
|
|
3136-10
|
Netsky Virus Activity
|
string-tcp
|
|
3136-11
|
Netsky Virus Activity
|
string-tcp
|
|
3137-0
|
Sober Virus Activity
|
string-tcp
|
|
3137-1
|
Sober Virus Activity
|
string-tcp
|
|
3137-2
|
Sober Virus Activity
|
string-tcp
|
|
3137-3
|
Sober Virus Activity
|
string-tcp
|
|
3137-4
|
Sober Virus Activity
|
string-tcp
|
|
3137-5
|
Sober Virus Activity
|
string-tcp
|
|
3137-6
|
Sober Virus Activity
|
string-tcp
|
|
3138-0
|
Bagle.C Virus Email Attachment
|
string-tcp
|
|
3139-0
|
Bagle.E Virus Email Attachment
|
string-tcp
|
|
3140-0
|
Bagle Virus Activity
|
string-tcp
|
|
3140-1
|
Bagle Virus Activity
|
string-tcp
|
|
3140-2
|
Bagle Virus Activity
|
string-tcp
|
|
3140-3
|
Bagle Virus Activity
|
service-http
|
|
3140-4
|
Bagle Virus Activity
|
service-http
|
|
3140-5
|
Bagle Virus Activity
|
string-tcp
|
|
3140-6
|
Bagle Virus Activity
|
string-tcp
|
|
3140-7
|
Bagle Virus Activity
|
string-tcp
|
|
3140-8
|
Bagle Virus Activity
|
string-tcp
|
|
3140-9
|
Bagle Virus Activity
|
string-tcp
|
|
3140-10
|
Bagle Virus Activity
|
string-tcp
|
|
3140-11
|
Bagle Virus Activity
|
string-tcp
|
|
3140-12
|
Bagle Virus Activity
|
string-tcp
|
|
3140-13
|
Bagle Virus Activity
|
string-tcp
|
|
3140-14
|
Bagle Virus Activity
|
string-tcp
|
|
3140-15
|
Bagle Virus Activity
|
string-tcp
|
|
3140-16
|
Bagle Virus Activity
|
string-tcp
|
|
3140-17
|
Bagle Virus Activity
|
string-tcp
|
|
3140-18
|
Bagle Virus Activity
|
string-tcp
|
|
3140-19
|
Bagle Virus Activity
|
string-tcp
|
|
3141-0
|
Lovgate Worm Activity
|
string-tcp
|
|
3142-0
|
Sasser Worm Activity
|
string-tcp
|
|
3142-1
|
Sasser Worm Activity
|
string-tcp
|
|
3142-3
|
Sasser Worm Activity
|
string-tcp
|
|
3143-0
|
BERBEW Trojan Activity
|
string-tcp
|
|
3143-1
|
BERBEW Trojan Activity
|
string-udp
|
|
3143-2
|
BERBEW Trojan Activity
|
string-udp
|
|
3143-3
|
BERBEW Trojan Activity
|
atomic-ip
|
|
3143-4
|
BERBEW Trojan Activity
|
atomic-ip
|
|
3144-0
|
Ratos Worm Activity
|
string-tcp
|
|
3145-0
|
ZAFI Worm Activity
|
string-tcp
|
|
3145-1
|
ZAFI Worm Activity
|
string-tcp
|
|
3146-0
|
Bropia Worm Activity
|
string-tcp
|
|
3150-0
|
FTP Remote Command Execution
|
string-tcp
|
|
3150-1
|
FTP Remote Command Execution
|
string-tcp
|
|
3151-0
|
FTP SYST Command Attempt
|
string-tcp
|
|
3152-0
|
FTP CWD ~root
|
string-tcp
|
|
3153-0
|
FTP Improper Address Specified
|
service-ftp
|
|
3154-0
|
FTP Improper Port Specified
|
service-ftp
|
|
3155-0
|
FTP RETR Pipe Filename Command Execution
|
string-tcp
|
|
3156-0
|
FTP STOR Pipe Filename Command Execution
|
string-tcp
|
|
3157-0
|
FTP PASV Port Spoof
|
service-ftp
|
|
3158-0
|
FTP SITE EXEC Format String
|
string-tcp
|
|
3159-0
|
FTP PASS Suspicious Length
|
string-tcp
|
|
3160-0
|
Cesar FTP Buffer Overflow
|
string-tcp
|
|
3161-0
|
FTP realpath Buffer Overflow
|
string-tcp
|
|
3161-1
|
FTP realpath Buffer Overflow
|
string-tcp
|
|
3162-0
|
glFtpD LIST DoS
|
string-tcp
|
|
3163-0
|
WU-FTPD Heap Corruption
|
string-tcp
|
|
3164-0
|
Instant Server Mini Portal Directory Traversal
|
string-tcp
|
|
3165-0
|
FTP SITE EXEC
|
string-tcp
|
|
3166-0
|
FTP USER Suspicious Length
|
string-tcp
|
|
3167-0
|
Format String in FTP username
|
string-tcp
|
|
3168-0
|
FTP SITE EXEC Directory Traversal
|
string-tcp
|
|
3169-0
|
FTP SITE EXEC tar
|
string-tcp
|
|
3170-0
|
WS_FTP SITE CPWD Buffer Overflow
|
string-tcp
|
|
3171-0
|
Ftp Priviledged Login
|
string-tcp
|
|
3171-1
|
Ftp Priviledged Login
|
string-tcp
|
|
3172-0
|
Ftp Cwd Overflow
|
string-tcp
|
|
3173-0
|
Long FTP Command
|
string-tcp
|
|
3175-0
|
ProFTPD STAT DoS
|
string-tcp
|
|
3177-0
|
Long MDTM Command
|
string-tcp
|
|
3178-0
|
Denial Of Service in Microsoft SMS Client
|
string-tcp
|
|
3179-0
|
ftpdchk DOS
|
string-tcp
|
|
3180-0
|
BakBone NetVault Remote Heap Overflow
|
string-tcp
|
|
3180-1
|
BakBone NetVault Remote Heap Overflow
|
string-tcp
|
|
3181-0
|
dSMTP Mail Server Format String Overflow
|
string-tcp
|
|
3200-0
|
WWW Phf Attack
|
service-http
|
|
3201-1
|
Unix Password File Access Attempt
|
service-http
|
|
3201-2
|
Unix Password File Access Attempt
|
service-http
|
|
3201-3
|
Unix Password File Access Attempt
|
service-http
|
|
3201-4
|
Unix Password File Access Attempt
|
service-http
|
|
3201-5
|
Unix Password File Access Attempt
|
service-http
|
|
3201-6
|
Unix Password File Access Attempt
|
service-http
|
|
3202-0
|
WWW .url File Requested
|
service-http
|
|
3203-0
|
WWW .lnk File Requested
|
service-http
|
|
3204-0
|
WWW .bat File Requested
|
service-http
|
|
3205-0
|
HTML File Has .url Link
|
string-tcp
|
|
3206-0
|
HTML File Has .lnk Link
|
string-tcp
|
|
3207-0
|
HTML File Has .bat Link
|
string-tcp
|
|
3208-0
|
WWW Campas Attack
|
service-http
|
|
3209-0
|
WWW Glimpse Server Attack
|
service-http
|
|
3210-0
|
WWW IIS View Source Attack
|
service-http
|
|
3210-1
|
WWW IIS View Source Attack
|
service-http
|
|
3210-2
|
WWW IIS View Source Attack
|
service-http
|
|
3210-3
|
WWW IIS View Source Attack
|
service-http
|
|
3211-0
|
WWW IIS Hex View Source Attack
|
service-http
|
|
3211-1
|
WWW IIS Hex View Source Attack
|
service-http
|
|
3211-2
|
WWW IIS Hex View Source Attack
|
service-http
|
|
3211-3
|
WWW IIS Hex View Source Attack
|
service-http
|
|
3212-0
|
WWW NPH-TEST-CGI Attack
|
service-http
|
|
3213-0
|
WWW TEST-CGI Attack
|
service-http
|
|
3214-0
|
IIS DOT DOT VIEW Attack
|
service-http
|
|
3215-0
|
IIS DOT DOT EXECUTE Attack
|
service-http
|
|
3216-0
|
WWW Directory Traversal ../..
|
service-http
|
|
3217-0
|
WWW php View File Attack
|
service-http
|
|
3218-0
|
WWW SGI Wrap Attack
|
service-http
|
|
3219-0
|
WWW PHP Buffer Overflow
|
service-http
|
|
3220-0
|
IIS Long URL Attack
|
service-http
|
|
3221-0
|
WWW CGI-Viewsource Attack
|
service-http
|
|
3222-0
|
WWW PHP Log Scripts Read Attack
|
service-http
|
|
3223-0
|
WWW IRIX cgi-handler Attack
|
service-http
|
|
3224-0
|
HTTP WebGais
|
service-http
|
|
3225-0
|
WWW websendmail File Access
|
service-http
|
|
3226-0
|
WWW Webdist Bug
|
service-http
|
|
3227-0
|
WWW Htmlscript Bug
|
service-http
|
|
3228-0
|
WWW Performer Attack
|
service-http
|
|
3229-0
|
Website Win-C-Sample Buffer Overflow
|
service-http
|
|
3230-0
|
Website Uploader
|
service-http
|
|
3231-0
|
Novell Convert Attack
|
service-http
|
|
3232-0
|
WWW finger attempt
|
service-http
|
|
3233-0
|
WWW count-cgi Overflow
|
service-http
|
|
3234-0
|
IE Local Trusted Resource Execution
|
service-http
|
|
3234-1
|
IE Local Trusted Resource Execution
|
service-http
|
|
3235-0
|
showHelp CHM File Execution Weakness
|
string-tcp
|
|
3235-1
|
showHelp CHM File Execution Weakness
|
string-tcp
|
|
3236-0
|
IIS Path Disclosure
|
service-http
|
|
3252-0
|
Microsoft Agent ActiveX Control
|
string-tcp
|
|
3253-0
|
HTTP Request Smuggling
|
service-http
|
|
3254-0
|
XML-RPC PHP Command Execution
|
service-http
|
|
3254-1
|
XML-RPC PHP Command Execution
|
service-http
|
|
3255-0
|
Apache Long HTTP Header DoS
|
service-http
|
|
3300-0
|
NetBIOS OOB Data
|
atomic-ip
|
|
3301-0
|
NETBIOS Stat
|
atomic-ip
|
|
3314-0
|
Windows Locator Service Overflow
|
string-tcp
|
|
3315-0
|
Microsoft Windows 9x NetBIOS NULL Name Vulnerability
|
string-tcp
|
|
3316-0
|
Project1 DOS
|
string-tcp
|
|
3317-0
|
LSASS DCE RPC Request
|
string-tcp
|
|
3318-0
|
DsRolerUpgradeDownlevelServer Request
|
string-tcp
|
|
3319-0
|
DCE RPC Request
|
string-tcp
|
|
3325-0
|
Samba call_trans2open Overflow
|
string-tcp
|
|
3326-0
|
Windows Startup Folder Remote Access
|
string-tcp
|
|
3327-0
|
Windows RPC DCOM Overflow
|
service-msrpc
|
|
3327-1
|
Windows RPC DCOM Overflow
|
string-udp
|
|
3327-2
|
Windows RPC DCOM Overflow
|
atomic-ip
|
|
3327-3
|
Windows RPC DCOM Overflow
|
atomic-ip
|
|
3327-4
|
Windows RPC DCOM Overflow
|
service-msrpc
|
|
3327-5
|
Windows RPC DCOM Overflow
|
atomic-ip
|
|
3327-6
|
Windows RPC DCOM Overflow
|
string-tcp
|
|
3327-7
|
Windows RPC DCOM Overflow
|
string-tcp
|
|
3327-8
|
Windows RPC DCOM Overflow
|
service-msrpc
|
|
3327-9
|
Windows RPC DCOM Overflow
|
string-tcp
|
|
3327-10
|
Windows RPC DCOM Overflow
|
string-tcp
|
|
3327-12
|
Windows RPC DCOM Overflow
|
service-msrpc
|
|
3327-13
|
Windows RPC DCOM Overflow
|
string-tcp
|
|
3328-0
|
Windows SMB/RPC NoOp Sled
|
string-tcp
|
|
3328-1
|
Windows SMB/RPC NoOp Sled
|
service-msrpc
|
|
3328-2
|
Windows SMB/RPC NoOp Sled
|
string-tcp
|
|
3328-3
|
Windows SMB/RPC NoOp Sled
|
service-msrpc
|
|
3329-0
|
Windows RPCSS Overflow
|
service-msrpc
|
|
3330-0
|
Windows RPCSS Overflow 2
|
service-msrpc
|
|
3331-0
|
UDP MSRPC Messenger Overflow
|
string-udp
|
|
3331-1
|
UDP MSRPC Messenger Overflow
|
string-udp
|
|
3331-2
|
UDP MSRPC Messenger Overflow
|
service-msrpc
|
|
3331-3
|
UDP MSRPC Messenger Overflow
|
atomic-ip
|
|
3331-4
|
UDP MSRPC Messenger Overflow
|
atomic-ip
|
|
3332-0
|
TCP MSRPC Messenger Overflow
|
service-msrpc
|
|
3333-0
|
SMB MSRPC Messenger Overflow
|
string-tcp
|
|
3334-2
|
Windows Workstation Service Overflow
|
string-tcp
|
|
3334-5
|
Windows Workstation Service Overflow
|
service-msrpc
|
|
3334-6
|
Windows Workstation Service Overflow
|
service-msrpc
|
|
3334-7
|
Windows Workstation Service Overflow
|
string-tcp
|
|
3336-0
|
Windows ASN.1 Bit String NTLMv2 Integer Overflow
|
string-tcp
|
|
3337-0
|
Windows RPC Race Condition Exploitation
|
service-msrpc
|
|
3338-2
|
Windows LSASS RPC Overflow
|
service-msrpc
|
|
3338-3
|
Windows LSASS RPC Overflow
|
service-msrpc
|
|
3340-0
|
Windows Shell External Handler
|
string-tcp
|
|
3341-0
|
Metasploit Activity
|
string-tcp
|
|
3342-1
|
Windows NetDDE Overflow
|
string-tcp
|
|
3343-0
|
Windows Account Locked
|
string-tcp
|
|
3344-0
|
Windows 2000 TCP RPC DoS
|
string-tcp
|
|
3345-0
|
RPC WinNuke
|
atomic-ip
|
|
3346-0
|
Windows TSShutdn.exe Attempt
|
string-tcp
|
|
3347-0
|
Windows ASN.1 Library Bit String Heap Corruption
|
service-http
|
|
3347-1
|
Windows ASN.1 Library Bit String Heap Corruption
|
string-tcp
|
|
3347-2
|
Windows ASN.1 Library Bit String Heap Corruption
|
service-http
|
|
3353-0
|
SMB Request Overflow
|
string-tcp
|
|
3357-0
|
Invalid Netbios Name
|
atomic-ip
|
|
3400-0
|
Sun Kill Telnet DoS
|
string-tcp
|
|
3401-0
|
Telnet-IFS Match
|
string-tcp
|
|
3401-1
|
Telnet-IFS Match
|
string-tcp
|
|
3402-0
|
BSD Telnet Daemon Buffer Overflow
|
string-tcp
|
|
3402-1
|
BSD Telnet Daemon Buffer Overflow
|
string-tcp
|
|
3402-2
|
BSD Telnet Daemon Buffer Overflow
|
string-tcp
|
|
3402-3
|
BSD Telnet Daemon Buffer Overflow
|
string-tcp
|
|
3402-4
|
BSD Telnet Daemon Buffer Overflow
|
string-tcp
|
|
3403-0
|
Telnet Excessive Environment Options
|
string-tcp
|
|
3404-0
|
SysV /bin/login Overflow
|
string-tcp
|
|
3404-1
|
SysV /bin/login Overflow
|
string-tcp
|
|
3405-0
|
Avirt Gateway Proxy Buffer Overflow
|
string-tcp
|
|
3406-0
|
Solaris TTYPROMPT /bin/login Overflow
|
string-tcp
|
|
3407-0
|
Telnet Client NEW ENVIRON Option Overflow
|
string-tcp
|
|
3408-0
|
Telnet Client LINEMODE SLC Option Overflow
|
string-tcp
|
|
3409-0
|
Telnet Over Non-standard Ports
|
string-tcp
|
|
3409-1
|
Telnet Over Non-standard Ports
|
string-tcp
|
|
3409-2
|
Telnet Over Non-standard Ports
|
string-tcp
|
|
3450-0
|
Finger Bomb
|
string-tcp
|
|
3451-0
|
BearShare Directory Traversal
|
string-tcp
|
|
3452-0
|
Gopherd Halidate Overflow
|
string-tcp
|
|
3453-0
|
MS NetMeeting RDS DoS
|
string-tcp
|
|
3454-0
|
Check Point Firewall Information Leak
|
string-tcp
|
|
3455-0
|
Java Web Server Cmd Exec
|
string-tcp
|
|
3456-0
|
Solaris in.fingerd Information Leak
|
string-tcp
|
|
3456-1
|
Solaris in.fingerd Information Leak
|
string-tcp
|
|
3456-3
|
Solaris in.fingerd Information Leak
|
string-tcp
|
|
3457-0
|
Finger root shell
|
string-tcp
|
|
3458-0
|
AIM game invite overflow
|
string-tcp
|
|
3459-0
|
ValiCert Forms.exe Overflow
|
string-tcp
|
|
3459-1
|
ValiCert Forms.exe Overflow
|
string-tcp
|
|
3461-0
|
Finger probe
|
string-tcp
|
|
3462-0
|
Finger Redirect
|
string-tcp
|
|
3463-0
|
Finger root
|
string-tcp
|
|
3464-0
|
File access in finger
|
string-tcp
|
|
3465-0
|
Finger Activity
|
string-tcp
|
|
3466-0
|
RAS/PPTP Malformed Control Packet DOS
|
string-tcp
|
|
3500-0
|
Rlogin -froot Attack
|
string-tcp
|
|
3501-0
|
Rlogin Long TERM Variable
|
string-tcp
|
|
3502-0
|
rlogin Activity
|
string-tcp
|
|
3525-0
|
IMAP Authenticate Buffer Overflow
|
string-tcp
|
|
3526-0
|
Imap Login Buffer Overflow
|
string-tcp
|
|
3527-0
|
UW imapd Overflows
|
string-tcp
|
|
3527-1
|
UW imapd Overflows
|
string-tcp
|
|
3527-2
|
UW imapd Overflows
|
string-tcp
|
|
3527-3
|
UW imapd Overflows
|
string-tcp
|
|
3527-4
|
UW imapd Overflows
|
string-tcp
|
|
3527-5
|
UW imapd Overflows
|
string-tcp
|
|
3527-6
|
UW imapd Overflows
|
string-tcp
|
|
3528-0
|
IPSwitch IMail DELETE Command Overflow
|
string-tcp
|
|
3529-0
|
IMAP Long EXAMINE Command
|
string-tcp
|
|
3533-0
|
Cisco IOS Misformed BGP Packet DoS
|
string-tcp
|
|
3534-0
|
IMAP Long AUTHENTICATE Command
|
string-tcp
|
|
3537-0
|
MailEnable HTTP Authorization Buffer Overflow
|
string-tcp
|
|
3540-0
|
Cisco Secure ACS CSAdmin Attack
|
string-tcp
|
|
3550-0
|
POP Buffer Overflow
|
string-tcp
|
|
3551-0
|
POP User Root
|
string-tcp
|
|
3575-0
|
INN Buffer Overflow
|
string-tcp
|
|
3576-0
|
INN Control Message Exploit
|
string-tcp
|
|
3577-0
|
IMAP LOGIN Command Invalid Username
|
string-tcp
|
|
3578-0
|
IMAP Format String
|
string-tcp
|
|
3600-0
|
IOS Telnet Buffer Overflow
|
state
|
|
3601-0
|
IOS Command History Exploit
|
state
|
|
3602-0
|
IOS Cisco Identification
|
string-tcp
|
|
3603-0
|
IOS Enable Bypass
|
state
|
|
3604-0
|
Cisco Catalyst CR DoS
|
string-tcp
|
|
3652-0
|
SSH Gobbles
|
string-tcp
|
|
3700-0
|
CDE dtspcd Overflow
|
string-tcp
|
|
3701-0
|
Oracle 9iAS Web Cache Buffer Overflow
|
service-http
|
|
3703-0
|
Squid FTP URL Buffer Overflow
|
string-tcp
|
|
3704-0
|
IIS FTP STAT Denial of Service
|
string-tcp
|
|
3705-0
|
Tivoli Storage Manager Client Acceptor Overflow
|
service-http
|
|
3706-0
|
MIT PGP Public Key Server Overflow
|
string-tcp
|
|
3707-0
|
Perl fingerd Command Exec
|
string-tcp
|
|
3708-0
|
AnalogX Proxy Socks4a DNS Overflow
|
string-tcp
|
|
3709-0
|
AnalogX Proxy Web Proxy Overflow
|
string-tcp
|
|
3710-0
|
Cisco Secure ACS Directory Traversal
|
service-http
|
|
3711-0
|
Informer FW1 Auth Replay DoS
|
string-tcp
|
|
3714-0
|
Oracle TNS 'Service_Name' Overflow
|
string-tcp
|
|
3716-0
|
GDI+ JPEG Buffer Overflow
|
string-tcp
|
|
3716-1
|
GDI+ JPEG Buffer Overflow
|
string-tcp
|
|
3718-0
|
Windows .ANI File DoS
|
string-tcp
|
|
3719-0
|
MSN Messenger PNG Overflow
|
string-tcp
|
|
3728-0
|
Long pop username
|
string-tcp
|
|
3729-0
|
Long pop password
|
string-tcp
|
|
3730-0
|
Trinoo (TCP)
|
string-tcp
|
|
3730-1
|
Trinoo (TCP)
|
string-tcp
|
|
3731-0
|
IMail HTTP Get Buffer Overflow
|
string-tcp
|
|
3732-0
|
MSSQL xp_cmdshell Usage
|
string-tcp
|
|
3733-0
|
Real Server Format Overflow
|
string-tcp
|
|
3734-0
|
Cfengine Overflow
|
string-tcp
|
|
3735-0
|
CVS Flag Insertion Overflow
|
string-tcp
|
|
3736-0
|
Subversion get-dated-rev overflow
|
string-tcp
|
|
3737-0
|
Squid Proxy NTLM Authenticate Overflow
|
string-tcp
|
|
3738-0
|
CVS Argumentx Vulnerability
|
string-tcp
|
|
3739-0
|
Nullsoft SHOUTcast Format String Attack
|
service-http
|
|
3740-0
|
IMail LDAP Service Buffer Overflow
|
string-tcp
|
|
3782-0
|
mIRC DCC Send Buffer Overflow
|
string-tcp
|
|
3783-0
|
BrightStor Backup Discovery UDP Probe Overflow
|
string-udp
|
|
3784-0
|
BrightStor Discovery Service SERVICEPC Overflow
|
string-tcp
|
|
3785-0
|
Oracle 9i XDB FTP UNLOCK Buffer Overflow
|
string-tcp
|
|
3786-0
|
Oracle 9i XDB FTP PASS Buffer Overflow
|
string-tcp
|
|
3787-0
|
IRIX Printing System Remote Command Execution
|
string-tcp
|
|
3788-0
|
Solaris LPD Remote Command Execution
|
string-tcp
|
|
3789-0
|
DistCC Daemon Command Execution
|
string-tcp
|
|
3790-0
|
HP Openview Omniback II Command Execution
|
string-tcp
|
|
3791-0
|
Solaris Printd Unlink File Deletion
|
string-tcp
|
|
3792-0
|
Long Telnet Username
|
string-tcp
|
|
3793-0
|
ZENworks 6.5 Authentication Overflow
|
string-tcp
|
|
3802-0
|
Oracle iSQL*PLus Overflow
|
service-http
|
|
3883-0
|
Apache mod_proxy Buffer Overflow
|
string-tcp
|
|
3884-0
|
Cfengine Authentication Heap Based Buffer Overflow
|
string-tcp
|
|
4050-0
|
UDP Bomb
|
atomic-ip
|
|
4051-1
|
Snork
|
atomic-ip
|
|
4051-2
|
Snork
|
atomic-ip
|
|
4051-3
|
Snork
|
atomic-ip
|
|
4052-1
|
Chargen DoS
|
atomic-ip
|
|
4052-2
|
Chargen DoS
|
atomic-ip
|
|
4054-0
|
RIP Trace
|
string-udp
|
|
4054-1
|
RIP Trace
|
string-udp
|
|
4058-0
|
UPnP LOCATION Overflow
|
string-udp
|
|
4058-1
|
UPnP LOCATION Overflow
|
string-tcp
|
|
4058-2
|
UPnP LOCATION Overflow
|
atomic-ip
|
|
4060-0
|
Back Orifice Ping
|
string-udp
|
|
4060-1
|
Back Orifice Ping
|
string-udp
|
|
4061-0
|
Chargen Echo DoS
|
atomic-ip
|
|
4062-0
|
Cisco CSS 11000 Malformed UDP DoS
|
atomic-ip
|
|
4067-0
|
Malformed IKE Packet DoS
|
string-udp
|
|
4068-0
|
DoS NBT Stream
|
atomic-ip
|
|
4100-0
|
Tftp Passwd File
|
string-udp
|
|
4101-0
|
Cisco TFTPD Directory Traversal
|
string-udp
|
|
4150-0
|
Ascend Denial of Service
|
string-udp
|
|
4151-0
|
BOBAX Virus Activity
|
string-tcp
|
|
4151-1
|
BOBAX Virus Activity
|
string-tcp
|
|
4513-0
|
Cisco SNMP Message Processing DoS
|
string-udp
|
|
4514-0
|
SNMP Community String Public
|
string-udp
|
|
4515-0
|
Cisco IP/VC Embedded Community Names
|
string-udp
|
|
4515-1
|
Cisco IP/VC Embedded Community Names
|
string-udp
|
|
4600-0
|
IOS UDP Bomb
|
atomic-ip
|
|
4601-0
|
CheckPoint Firewall RDP ByPass
|
string-udp
|
|
4601-1
|
CheckPoint Firewall RDP Bypass
|
string-udp
|
|
4601-2
|
CheckPoint Firewall RDP Bypass
|
string-udp
|
|
4601-3
|
CheckPoint Firewall RDP Bypass
|
string-udp
|
|
4602-0
|
Beagle (Bagle) Virus DNS Lookup
|
string-udp
|
|
4602-1
|
Beagle (Bagle) Virus DNS Lookup
|
string-udp
|
|
4602-2
|
Beagle (Bagle) Virus DNS Lookup
|
string-tcp
|
|
4602-3
|
Beagle (Bagle) Virus DNS Lookup
|
atomic-ip
|
|
4602-4
|
Beagle (Bagle) Virus DNS Lookup
|
atomic-ip
|
|
4603-0
|
DHCP Discover
|
string-udp
|
|
4604-0
|
DHCP Request
|
string-udp
|
|
4604-1
|
DHCP Request
|
atomic-ip
|
|
4605-0
|
DHCP Offer
|
string-udp
|
|
4605-1
|
DHCP Offer
|
atomic-ip
|
|
4606-0
|
Cisco TFTP Long Filename Buffer Overflow
|
string-udp
|
|
4606-1
|
Cisco TFTP Long Filename Buffer Overflow
|
atomic-ip
|
|
4607-0
|
Deep Throat Response
|
string-udp
|
|
4607-1
|
Deep Throat Response
|
string-udp
|
|
4607-2
|
Deep Throat Response
|
string-udp
|
|
4607-3
|
Deep Throat Response
|
string-udp
|
|
4607-4
|
Deep Throat Response
|
string-udp
|
|
4607-5
|
Deep Throat Response
|
atomic-ip
|
|
4607-6
|
Deep Throat Response
|
atomic-ip
|
|
4607-7
|
Deep Throat Response
|
atomic-ip
|
|
4607-8
|
Deep Throat Response
|
atomic-ip
|
|
4607-9
|
Deep Throat Response
|
atomic-ip
|
|
4608-0
|
Trinoo (UDP)
|
string-udp
|
|
4608-1
|
Trinoo (UDP)
|
string-udp
|
|
4608-2
|
Trinoo (UDP)
|
string-udp
|
|
4608-3
|
Trinoo (UDP)
|
atomic-ip
|
|
4608-4
|
Trinoo (UDP)
|
atomic-ip
|
|
4608-5
|
Trinoo (UDP)
|
atomic-ip
|
|
4609-0
|
Orinoco SNMP Info Leak
|
string-udp
|
|
4609-1
|
Orinoco SNMP Info Leak
|
atomic-ip
|
|
4610-0
|
Kerberos 4 User Recon
|
string-udp
|
|
4610-1
|
Kerberos 4 User Recon
|
atomic-ip
|
|
4611-0
|
D-Link DWL-900AP+ TFTP Config Retrieve
|
string-udp
|
|
4611-1
|
D-Link DWL-900AP+ TFTP Config Retrieve
|
atomic-ip
|
|
4612-0
|
Cisco IP Phone TFTP Config Retrieve
|
string-udp
|
|
4612-1
|
Cisco IP Phone TFTP Config Retrieve
|
atomic-ip
|
|
4613-0
|
TFTP Filename Buffer Overflow
|
string-udp
|
|
4613-1
|
TFTP Filename Buffer Overflow
|
atomic-ip
|
|
4615-0
|
Beagle.B (Bagle.B) Virus DNS Lookup
|
string-udp
|
|
4615-1
|
Beagle.B (Bagle.B) Virus DNS Lookup
|
string-udp
|
|
4615-2
|
Beagle.B (Bagle.B) Virus DNS Lookup
|
atomic-ip
|
|
4615-3
|
Beagle.B (Bagle.B) Virus DNS Lookup
|
atomic-ip
|
|
4617-0
|
PoPToP PPtP Short Length Overflow
|
string-tcp
|
|
4617-1
|
PoPToP PPtP Short Length Overflow
|
string-tcp
|
|
4619-0
|
Invalid DHCP Packet
|
atomic-ip
|
|
4620-0
|
DNS Limited Broadcast Query
|
atomic-ip
|
|
4701-0
|
MSSQL Resolution Service Stack Overflow
|
string-udp
|
|
4702-0
|
MSSQL Resolution Service Heap Overflow
|
string-udp
|
|
4703-0
|
MSSQL Resolution Service Stack Overflow
|
atomic-ip
|
|
4704-0
|
MSSQL Resolution Service Heap Overflow
|
atomic-ip
|
|
5034-0
|
WWW IIS newdsn attack
|
service-http
|
|
5035-0
|
HTTP cgi HylaFAX Faxsurvey
|
service-http
|
|
5036-1
|
WWW Windows Password File Access Attempt
|
service-http
|
|
5036-2
|
WWW Windows Password File Access Attempt
|
service-http
|
|
5037-0
|
WWW SGI MachineInfo Attack
|
service-http
|
|
5038-0
|
WWW wwwsql file read Bug
|
service-http
|
|
5039-0
|
WWW finger attempt
|
service-http
|
|
5040-1
|
WWW perl interpreter attack
|
service-http
|
|
5040-2
|
WWW perl interpreter attack
|
service-http
|
|
5040-3
|
WWW perl interpreter attack
|
service-http
|
|
5041-0
|
WWW anyform attack
|
service-http
|
|
5042-1
|
WWW valid shell access attempt
|
service-http
|
|
5042-2
|
WWW valid shell access attempt
|
service-http
|
|
5042-3
|
WWW valid shell access attempt
|
service-http
|
|
5042-4
|
WWW valid shell access attempt
|
service-http
|
|
5042-5
|
WWW valid shell access attempt
|
service-http
|
|
5042-6
|
WWW valid shell access attempt
|
service-http
|
|
5043-1
|
WWW Cold Fusion Attack
|
service-http
|
|
5043-2
|
WWW Cold Fusion Attack
|
service-http
|
|
5043-3
|
WWW Cold Fusion Attack
|
service-http
|
|
5044-0
|
WWW Webcom.se Guestbook attack
|
service-http
|
|
5045-0
|
WWW xterm display attack
|
service-http
|
|
5046-0
|
WWW dumpenv.pl recon
|
service-http
|
|
5047-0
|
WWW Server Side Include POST attack
|
service-http
|
|
5048-0
|
WWW IIS BAT EXE attack
|
service-http
|
|
|