For configuration management purposes, the following list of
signatures is grouped by the software release version from which it was publicly
released. For more information regarding these signatures refer to the signature
descriptions above or go to www.cisco.com.
-
Release version S49
3327-Windows RPC DCOM Overflow
3328-Windows SMB/RPC NoOp Sled
-
Release version S48
1109-Cisco IOS Interface DoS
5380-phpBB SQL injection:
5382- Xpressions SQL Admin Bypass
5383-Cyberstrong eShop SQL Injection
6256- HTTP Authorization Failure
-
Release version S47
5375-Apache mod_dav Overflow
5376-iisPROTECT Admin SQL Injection
5377-xp_cmdshell in HTTP args
5378-Vignette TCL Injection Command Exec
5379-Windows Media Services Logging ISAPI Overflow
11204-Jabber Activity
-
Release version S46
3123-NetBus Pro Traffic
3124-Sendmail prescan Memory Corruption
3176-Cisco ONS FTP DoS
3326-Windows Startup Folder Remote Access
5369-Win32 Apache Batch File CmdExec
5370-HTDig File Disclosure
5371-bdir.htr Access
5372-ASP source disclosure
5373-IIS 5 Translate: f Source Disclosure
5374-IIS Executable File Command Exec
9025-Back Door Probe (TCP 20168)
9026-Back Door Probe (TCP 1092)
9027-Back Door Probe (TCP 2018)
9028-Back Door Probe (TCP 2019)
9029-Back Door Probe (TCP 2020)
9030-Back Door Probe (TCP 2021)
9225-Back Door Response (TCP 20168)
9226-Back Door Response (TCP 1092)
9227-Back Door Response (TCP 2018)
9228-Back Door Response (TCP 2019)
9229-Back Door Response (TCP 2020)
9230-Back Door Response (TCP 2021)
11014-Hotline Client Login
11015-Hotline File Transfer
11016-Hotline Tracker Login
11200-Yahoo Messenger Activity
11201-MSN Messenger Activity
-
Release version S44
1300-TCP Segment Overwrite
3325-Samba call_trans2open Overflow
3732-MSSQL xp_cmdshell Usage
5367-Apache CR / LF DoS
5368-Cisco ACS Windows CSAdmin Overflow
9024-Back Door Probe (TCP 10168)
9224-Back Door Response (TCP 10168)
11001-Gnutella Client Request
11002-Gnutella Server Reply
11003-Qtella File Request
11004-Bearshare file request
11005-KaZaA GET Request
11006-Gnucleus file request
11007-Limewire File Request
11008-Morpheus File Request
11009-Phex File Request
11010-Swapper File Request
11011-XoloX File Request
11012-GTK-Gnutella File Request
-
Release version S43
3311-SMB: remote SAM service access attempt
3312-SMB .eml e-mail file remote access
3313-SMB suspicous password usage
3320-SMB: ADMIN$ hidden share access attempt
3321-SMB: User Enumeration
3322-SMB: Windows Share Enumeration
3323-SMB: RFPoison Attack
3324-SMB NIMDA infected file transfer
4003-Nmap UDP Port Sweep
5360-Frontpage htimage.exe Buffer Overflow
5363-Frontpage imagemap.exe Buffer Overflow
5364-IIS WebDAV Overflow
5365-Long WebDAV Request
5366-Shell Code in HTTP URL / Args
6188-statd dot dot
6189-statd automount attack
-
Release version S42
5362-FrontPage dvwssr.dll Buffer Overflow
-
Release version S41
3115-Sendmail Data Header Overflow
5351-MS IE Help Overflow
5352-H-Sphere Webshell Buffer Overflow
5353-H-Sphere Webshell 'mode' URI exec
5354-H-Sphere Webshell zipfile' URI exec
5355-DotBr exec.php3 exec
5356-DotBr system.php3 exec
5357-IMP SQL Injection
5358-Psunami.CGI Remote Command Execution
5359-Office Scan CGI Scripts Access
-
Release version S40
3314-Windows Locator Service Overflow
4614-DHCP request overflow
9200-Back Door Response (TCP 12345)
9201-Back Door Response (TCP 31337)
9202-Back Door Response (TCP 1524)
9203-Back Door Response (TCP 2773)
9204-Back Door Response (TCP 2774)
9205-Back Door Response (TCP 20034)
9206-Back Door Response (TCP 27374)
9207-Back Door Response (TCP 1234)
9208-Back Door Response (TCP 1999)
9209-Back Door Response (TCP 6711)
9210-Back Door Response (TCP 6712)
9211-Back Door Response (TCP 6713)
9212-Back Door Response (TCP 6776)
9213-Back Door Response (TCP 16959)
9214-Back Door Response (TCP 27573)
9215-Back Door Response (TCP 23432)
9216-Back Door Response (TCP 5400)
9217-Back Door Response (TCP 5401)
9218-Back Door Response (TCP 2115)
9223-Back Door Response (TCP 36794)
-
Release version S39
4701-MS-SQL Control Overflow
-
Release version S38
5349-Polycom ViewStation Admin Password
5350-PHPnuke e-mail attachment access
6064-BIND Large OPT Record DoS
-
Release version S37
3174-SuperStack 3 NBX FTP DOS
3175-ProFTPD STAT DoS
3652-SSH Gobbles
4508-Non SNMP Traffic
4613-TFTP Filename Buffer Overflow
5343-Apache Host Header Cross Site Scripting
5345-HTTPBench Information Disclosure
5346-BadBlue Information Disclosure
5347-Xoops WebChat SQL Injection
5348-Cobalt RaQ Server overflow.cgi Cmd Exec
7101-ARP Source Broadcast
7102-ARP Reply-to-Broadcast
7104-ARP MacAddress-Flip-Flop-Response
7105-ARP Inbalance-of-Requests
11000-KaZaA v2 UDP Client Probe
-
Release version S36
5344-IIS MDAC RDS Buffer Overflow
-
Release version S35
4611-D-Link DWL-900AP+ TFTP Config Retrieve
4612-Cisco IP Phone TFTP Config Retrieve
5294-BearShare File Disclosure
5339-SunONE Directory Traversal
5340-Killer Protection Credential File Access
5341-HP Procurve 4000M Switch DoS
5342-Invision Board phpinfo.php Recon
-
Release version S34
3173-Long FTP Command
3465-Finger Activity
3502-rlogin Activity
3604-Cisco Catalyst CR DoS
5337-Dot Dot Slash in HTTP Arguments
5338-Front Page Admin password retrival
-
Release version S33
5331-Image Javascript insertion
5333-FUDForum File Disclosure
5334- DB4Web File Disclosure
5335-DB4WEB Proxy Scan
5336- Abyss Web Server File Disclosure
9023-Back Door Probe (TCP 36794)
-
Release version S32
5330-Apache/mod_ssl Worm Buffer Overflow
9021-Back Door (UDP 2001)
9022-Back Door (UDP 2002)
-
Release version S31
3121-Vintra MailServer EXPN DoS
3122-SMTP EXPN root Recon
3165-FTP SITE EXEC
3168-FTP SITE EXEC Directory Traversal
3169-FTP SITE EXEC tar
3170-WS_FTP SITE CPWD Buffer Overflow
3171-Ftp Priviledged Login
3172-Ftp Cwd Overflow
3310-Netbios Enum Share DoS
3406-Solaris TTYPROMPT /bin/login Overflow
3457-Finger root shell
3461-Finger probe
3462-Finger Redirect
3463-Finger root
3464-File access in finger
3551-POP User Root
3711-Informer FW1 auth replay DoS
4061-Chargen Echo DoS
4509-HP Openview SNMP Hidden Community Name
4510-Solaris SNMP Hidden Community Name
4511-Avaya SNMP Hidden Community Name
4609-Orinoco SNMP Info Leak
4610-Kerberos 4 User Recon
5321-Guest Book CGI access
5322-Long HTTP Request
5323-midicart.mdb File Access
5327-Tilde in URI
5328- Cisco IP phone DoS
6277-Show Mount Recon
-
Release version S30
2155-Modem DoS
3730-Trinoo (TCP)
3731-IMail HTTP Get Buffer Overflow
4606-Cisco TFTP Long Filename Buffer Overflow
4607-Deep Throat Response
4608-Trinoo (UDP)
5310-INDEX / directory access
5311-8.3 file name access
5323-Cisco Router http exec command
5324-Cisco IOS Query (?/)
5325-Contivity cgiproc DoS
5326-Root.exe access
6275-SGI fam Attempt
6276-TooltalkDB overflow
-
Release version S29
3728-Long pop username
3729-Long pop password
4603-DHCP Discover
4604-DHCP Request
4605-DHCP Offer
5305-.bash_history File Access
5305:1-.sh_history File Access
5305:2-.history File Access
5305:3-.zhistory File Access
5306-SoftCart storemgr.pw File Access
5308-rpc-nlog.pl Command Execution
5309- handler CGI Command Execution
5312-*.jsp/*.jhtml Java Execution
5313-order.log File Access
5316-BadBlue Admin Command Exec
5317-Tivoli Endpoint Buffer Overflow
5318-Tivoli ManagedNode Buffer Overflow
5319-SoftCart orders Directory Access
5320-ColdFusion administrator Directory Access
-
Release version S28
3167-Format String in FTP username
3708-AnalogX Proxy Socks4a DNS Overflow
3709-AnalogX Proxy Web Proxy Overflow
3710-Cisco Secure ACS Directory Traversal
5282-IIS ExAir advsearch.asp Access
5282:1-IIS ExAir search.asp Access
5282:2-IIS ExAir query.asp Access
5287-SiteServer AdSamples SITE.CSC File Access
5288-Verity search97 Directory Traversal
5289-SQLXML ISAPI Buffer Overflow
5291-WEB-INF Dot File Disclosure
5292-SalesCart shop.mdb File Access
5293-robots.txt File Access
5295-finger CGI Recon
5296-Netscape Server PageServices Directory Access
5297-order_log.dat File Access
5298-shopper.conf File Access
5299-quikstore.cfg File Access
5300-reg_echo.cgi Recon
5301-/consolehelp/ CGI File Access
5302-/file/ WebLogic File Access
5303-pfdispaly.cgi Command Execution
5304-files.pl File Access
5314- windmail.exe Command Execution
-
Release version S27
1108-IP Packet with Proto 11
5279-JJ CGi Cmd Exec
5280-IIS idq.dll Directory Traversal
5281-Carello add.exe Access
5283-info2www CGI Directory Traversal
5284- IIS webhits.dll Directory Traversal
5285-PHPEventCalendar Cmd Exec
5286-WebScripts WebBBS Cmd Exec
-
Release version S26
3707-Perl fingerd Command Exec
3714-Oracle TNS 'Service_Name' Overflow
5243-CS .cgi Script Cmd Exec
5275-Phorum Remote Cmd Exec
5276-cart.cgi Command Execution
5276:1-cart.cgi vars,env,db Recon
5276:2-cart.cgi Backdoor
5277- dfire.cgi Command Exec
5278-VP-ASP shoptest.asp access
9015-Back Door Probe (TCP 23432)
9016-Back Door Probe (TCP 5400)
9017-Back Door Probe (TCP 5401)
9018-Back Door Probe (TCP 2115)
9019-Back Door (UDP 2140)
9020-Back Door (UDP 47262)
-
Release version S25
3705-Tivoli Storage Manager Client Acceptor Overflow
3706-MIT PGP Public Key Server Overflow
5251-Allaire JRun // Directory Disclosure
5262-Large number of Slashes URL
5263-ecware.exe Access
5265-RedHat cachemgr.cgi Access
5266-iCat Carbo Server File Disclosure
5268-Cisco Catalyst Remote Command Execution
5269-ColdFusion CFDOCS Directory Access
5270-EZ-Mall order.log File Access
5271-search.cgi Directory Traversal
5272-count.cgi GIF File Disclosure
5273-Bannermatic Sensitive File Access
5274-Netpad.cgi Directory Traversal/Cmd Exec
-
Release version S24
3702-Default sa account access
5249-IDS Evasive Encoding
5250-IDS Evasive Double Encoding
5252-Allaire JRun Session ID Recon
5253-Axis StorPoint CD Authentication Bypass
5254-Sambar Server CGI Dos Batch File
5255-Linux Directory traceroute / nslookup Command Exec
5256-Dot Dot Slash in URI
5257-PHPNetToolpack traceroute Command Exec
5258-Script source disclosure with CodeBrws.asp
5259-Snitz Forums SQL injection
5260-Xpede sprc.asp SQL Injection
5261-BackOffice Server Web Administration Access
-
Release version S23
6199-cachefsd Overflow
-
Release version S22
6198-rwalld String Format
9007-Back Door Probe (TCP 1234)
9008-Back Door Probe (TCP 1999)
9009-Back Door Probe (TCP 6711)
9010-Back Door Probe (TCP 6712)
9011-Back Door Probe (TCP 6713)
9012-Back Door Probe (TCP 6776)
9013-Back Door Probe (TCP 16959)
9014-Back Door Probe (TCP 27573)
-
Release version S21
3704-IIS FTP STAT Denial of Service
5244- PhpSmsSend Command Exec
5245- HTTP 1.1 Chunked Encoding Transfer
5246-IIS ISAPI Filter Buffer Overflow
5247-IIS ASP SSI Buffer Overflow
5248-IIS HTR ISAPI Buffer Overflow
-
Release version S20
5240-Marcus Xenakis Shell Command Exec
5241-Avenger System Command Exec
9000-Back Door Probe (TCP 12345)
9001-Back Door Probe (TCP 31337)
9002-Back Door Probe (TCP 1524)
9003-Back Door Probe (TCP 2773)
9004-Back Door Probe (TCP 2774)
9005-Back Door Probe (TCP 20034)
9006-Back Door Probe (TCP 27374)
-
Release version S19
3166- FTP USER Suspicious Length
3703-Squid FTP URL Buffer Overflow
5232-URL with XSS
5234-pforum sql-injection
5236-Xoops sql-injection
5237-HTTP CONNECT Tunnel
5238-EZNET Ezboard Buffer Overflow
5239-Sambar cgitest.exe Buffer Overflow
-
Release version S18
3164- Instant Server Mini Portal Directory Traversal
3405- Avirt Gateway proxy Buffer Overflow
3701-Oracle 9iAS Web Cache Buffer Overflow
5227- AHG Search Engine Command Exec
5229- DCP Portal Root Path Disclosure
5230- Lotus Domino Authentication Bypass
5231- MRTG Directory Traversal
5233-PHP fileupload Buffer Overflow
-
Release version S17
4507-SNMP Protocol Violation
5223-Pi3Web Buffer Overflow
5224-SquirrelMail SquirrelSpell Command Exec
-
Release version S16
4506-D-Link Wireless SNMP Plain Text Password
5197-Network Query Tool command Exec
5201-PHP-Nuke Cross Site Scripting
5203- Hosting Controller File Access and Upload
5205-Apache php.exe File Disclosure
5209-Agora.cgi Cross Site Scripting
5210-FAQManager.cgi directory traversal
5211-zml.cgi File Disclosure
5212-Bugzilla Admin Authorization Bypass
5213-Bugzilla Command Exec
5214-FAQManager.cgi null bytes
5215-lastlines.cgi cmd exec/traversal
5216-PHP Rocket Directory Traversal
5217-Webmin Directory Traversal
5218-Boozt Buffer Overflow
5219-Lotus Domino database DoS
5220-CSVForm Remote Command Exec
5221-Hosting Controller Directory Traversal
-
Release version S15
3700-CDE dtspcd overflow
-
Release version S14
3404-SysV /bin/login Overflow
3458-AIM game invite overflow
3459-ValiCert forms.exe overflow
4058-UPnP LOCATION Overflow
5202- PHP-Nuke File Copy / Delete
5204-AspUpload Sample Scripts
5206-Horde IMP Session Hijack
5207-Entrust GetAccess directory traversal
5208-Network Tools shell metacharacters
-
Release version S13
3117-KLEZ worm
3118-rwhoisd format string
3119-WS_FTP STAT overflow
3120-ANTS virus
3163-wu-ftpd heap corruption vulnerability
3403-Telnet Excessive Environment Options
3456- Solaris in.fingerd Information Leak
3501-Rlogin Long TERM Variable
5183-PHP File Inclusion Remote Exec
5191-Active Perl PerlIS.dll Buffer Overflow
5194-Apache Server .ht File Access
5195-AS/400 '/' attack
5196-Red Hat Stronghold Recon attack
5199-W3Mail Command Exec
5200-IIS Data Stream Source Disclosure
-
Release version S12
1107-RFC 1918 Addresses Seen
3116-Netbus
3651-SSH CRC32 Overflow
5184-Apache Authentication Module ByPass
5188-HTTP Tunneling
-
Release version S11
5178-MS Index Server File/Path Recon
5179-PHP-Nuke File Upload
5180-sgiMerchant Directory Traversal
5181-MacOS Apache File Disclosure
5181:1-MacOS Apache File Disclosure
5182-WebDiscount's eShop Arbitrary Command Exec
-
Release version S10
3112-Lotus Domino Mail Loop DoS
3460-AVTronics InetServer Buffer Overflow
4060-Back Orifice Ping
5173-Directory Manager Cmd Exec
5174-phpmyexplorer directory traversal
5175-Hassan Shopping Cart Command Exec
5176-Exchange Address List Disclosure
-
Release version S9
3114-FetchMail Arbitrary Code Execution
3162-glFtpD LIST DoS
3455-Java Web Server Cmd Exec
4101-Cisco TFTPD Directory Traversal
4601-CheckPoint Firewall RDP Bypass
5170-NULL byte in URI
5171-NC-Book book.cgi Cmd Exec
5172-WinWrapper Admin Server Directory Traversal
6197-rpc yppaswdd overflow
-
Release version S8
5163-Mambo SiteServer Administrative Password ByPass
5164-PHPBB Remote SQL Query Manipulation
5165-php-nuke article.php sql query
5166-php-nuke modules.php DoS
5167-phpMyAdmin Cmd Exec 2
5168-Snapstream PVS Directory Traversal Bug
5169-SnapStream PVS Plaintext Password Vulnerability
-
Release version S7
3111-W32 Sircam Malicious Code
3111:1-W32 Sircam Malicious Code
3454-Check Point Firewall Information Leak
4601:1-CheckPoint Firewall RDP Bypass
4601:2-CheckPoint Firewall RDP Bypass
4601:3-CheckPoint Firewall RDP Bypass
5158-iPlanet Proprietary Method Overflow
5159-phpMyAdmin Cmd Exec
5160-Apache ? indexing file disclosure bug
5160:1-Apache ? indexing file disclosure bug
5161-SquirrelMail Command Exec
5162-Active Classifieds Command Exec
-
Release version S6
3161-FTP realpath Buffer Overflow
3402-BSD Telnet Daemon Buffer Overflow
3453-MS NetMeeting RDS DoS
5134-MacOS PWS DoS
5142-DCShop File Disclosure
5147-Arcadia Internet Store Directory Traversal Attempt
5148-Perception LiteServe Web Server CGI Script Source Code
Disclosu
5149-Trend Micro Interscan Viruswall Configuration Modification
5150-InterScan VirusWall RegGo.dll Buffer Overflow
5151-WebStore Admin Bypass
5152-WebStore Command Exec
5154-WWW uDirectory Directory Traversal
5155-WWW SiteWare Editor Directory Traversal
5156-WWW Microsoft fp30reg.dll Overflow
5157-Tarantella TTAWebTop.CGI Directory Traversal Bug
-
Release version S5
993-Missed Packet Count
994-Traffic Flow Started
995-Traffic Flow Stopped
3451-BearShare Directory Traversal
3452-gopherd halidate overflow
5124-IIS CGI Double Decode
5125-PerlCal Directory Traversal
5126-WWW IIS .ida Indexing Service Overflow
5127-WWW viewsrc.cgi Directory Traversal
5128-WWW nph-maillist.pl Cmd Exec
5129-IOS HTTP Unauth Command Execution
5130-Bugzilla globals.pl
5131-talkback.cgi Directory Traversal
5132-VirusScan catinfo Buffer Overflow
5133-Net.Commerce Macro Path Disclosure
5138-Oracle Application Server Shared Library Overflow
5140-Net.Commerce Macro Denial of Service
5141-NCM content.pl SQL Query Vulnerability
5143-Microsoft Media Player ASX Overflow
5146-MS-DOS Device Name DoS
-
Release version S4
4056-NTPd readvar overflow
5120-Netscape Server Suite Buffer Overflow
5121-iPlanet .shtml Buffer Overflow
5122-Nokia IP440 Denial of Service
5123- WWW IIS Internet Printing Overflow
6196-snmpXdmid Buffer Overflow
6901-Net Flood ICMP Reply
6902-Net Flood ICMP Request
6903-Net Flood ICMP Any
6910-Net Flood UDP
6920-Net Flood TCP
-
Release version S3
3046-NMAP OS Fingerprint
3158-FTP SITE EXEC Format String
3159-FTP PASS Suspicious Length
4500-Cisco IOS Embedded SNMP Community Names
4501-Cisco CVCO/4K Remote Username/Password return
4502-SNMP Password Brute Force Attempt
4503-SNMP NT Info Retrieve
4504-SNMP IOS Configuration Retrieval
4505-SNMP VACM MIB Access
5115-Netscape Enterprise Server with ?wp Tags
5116-Endymion MailMan Remote Command Execution
5117-phpGroupWare Remote Command Exec
5118-eWave ServletExec 3.0C File Upload
5119-CGI Script Center News Update Admin Passwd Change
6058-DNS SRV DoS
6059-DNS TSIG Overflow
6060-DNS complain overflow
6061-DNS infoleak
6062-DNS authors request
6063-DNS Incremental zone transfer
6210-LPRng format String Overflow
6350-SQL Query Abuse
-
Release version 2.2.1.6
1220-Jolt2 Fragment Reassembly DoS attack
3530-Cisco Secure ACS Oversized TACACS+ Attack
3540-Cisco Secure ACS CSAdmin Attack
5079-WWW PCCS MySQL Admin Access
5080-WWW IBM WebSphere Access
5081-WWW WinNT cmd.exe Access
5083-WWW Virtual Vision FTP Browser Access
5084-WWW Alibaba Attack 2
5085-WWW IIS Source Fragment Access
5086-WWW WEBactive Logfile Access
5087-WWW Sun Java Server Access
5088-WWW Akopia MiniVend Access
5089-WWW Big Brother Directory Access
5090-WWW FrontPage htimage.exe Access
5091-WWW Cart32 Remote Admin Access
5092-WWW CGI-World Poll It Access
5093-WWW PHP-Nuke admin.php3 Access
5095-WWW CGI Script Center Account Manager Attack
5096-WWW CGI Script Center Subscribe Me Attack
5097-WWW FrontPage MS-DOS Device Attack
5099-WWW GWScripts News Publisher Access
5100-WWW CGI Center Auction Weaver File Access
5101-WWW CGI Center Auction Weaver Attack
5102-WWW phpPhotoAlbum explorer.php Access
5103-WWW SuSE Apache CGI Source Access
5104-WWW YaBB File Access
5105-WWW Ranson Johnson mailto.cgi Attack
5106-WWW Ranson Johnson mailform.pl Access
5107-WWW Mandrake Linux /perl Access
5108-WWW Netegrity Site Minder Access
5109-WWW Sambar Beta search.dll Access
5110-WWW SuSE Installed Packages Access
5111-WWW Solaris Answerbook 2 Access
5112-WWW Solaris Answerbook 2 Attack
5113-WWW CommuniGate Pro Access
5114-WWW IIS Unicode Attack
-
Release version 2.2.1.5
1200-IP Fragmentation Buffer Full
1201-IP Fragment Overlap
1202-IP Fragment Overrun - Datagram Too Long
1203-IP Fragment Overwrite - Data is Overwritten
1204-IP Fragment Missing Initial Fragment
1205-IP Fragment Too Many Datagrams
1206-IP Fragment Too Small
1207-IP Fragment Too Many Frags
1208-IP Fragment Incomplete Datagram
3110-Suspicious Mail Attachment
3157-FTP PASV Port Spoof
3603-IOS Enable Bypass
5056-WWW Cisco IOS %% DoS
5057-WWW Sambar Samples
5058-WWW info2www Attack
5059-WWW Alibaba Attack
5060-WWW Excite AT-generate.cgi Access
5061-WWW catalog_type.asp Access
5062-WWW classifieds.cgi Attack
5063-WWW dmblparser.exe Access
5064-WWW imagemap.cgi Attack
5065-WWW IRIX infosrch.cgi Attack
5066-WWW man.sh Access
5067-WWW plusmail Attack
5068-WWW formmail.pl Access
5069-WWW whois_raw.cgi Attack
5070-WWW msadcs.dll Access
5071-WWW msacds.dll Attack
5072-WWW bizdb1-search.cgi Attack
5073-WWW EZshopper loadpage.cgi Attack
5074-WWW EZshopper search.cgi Attack
5075-WWW IIS Virtualized UNC Bug
5076-WWW webplus bug
5077-WWW Excite AT-admin.cgi Access
5078-WWW Piranha passwd attack
6054-DNS Version Request
6507-TFN2K Control Traffic
6508-Mstream Control Traffic
-
Release version 2.2.1.4
6056-DNS NXT Buffer Overflow
6057-DNS SIG Buffer Overflow
6195-RPC amd Buffer Overflow
-
Release version 2.2.1.3
3650-SSH RSAREF2 Buffer Overflow
3990-BackOrifice BO2K TCP Non Stealth
3991-BackOrifice BO2K TCP Stealth 1
3992-BackOrifice BO2K TCP Stealth 2
4055-BackOrifice BO2K UDP
5055-HTTP Basic Authentication Overflow
6194-sadmind RPC Buffer Overflow
6500-RingZero Trojan
6501-TFN Client Request
6502-TFN Server Reply
6503-Stacheldraht Client Request
6504-Stacheldraht Server Reply
6505-Trinoo Client Request
6506-Trinoo Server Reply
-
Release version 2.2.1.2
3155-FTP RETR Pipe Filename Command Execution
3156-FTP STOR Pipe Filename Command Execution
3308-Windows LSARPC Access
3309-Windows SRVSVC Access
5051-IIS Double Byte Code Page
5052-FrontPage Extensions PWD Open Attempt
5053-FrontPage _vti_bin Directory List Attempt
5054-WWWBoard Password
6193-RPC CMSD Buffer Overflow
-
Release version 2.2.1.1
1104-IP Localhost Source Spoof
3038-Fragmented NULL TCP Packet
3039-Fragmented Orphaned FIN packet
3040-NULL TCP Packet
3041-SYN/FIN Packet
3042-Orphaned Fin Packet
3043-Fragmented SYN/FIN Packet
3201-Unix Password File Access Attempt
4054-RIP Trace
5034-WWW IIS newdsn attack
5035-HTTP cgi HylaFAX Faxsurvey
5036-WWW Windows Password File Access Attempt
5037-WWW SGI MachineInfo Attack
5038-WWW wwwsql file read Bug
5039-WWW finger attempt
5040-WWW Perl Interpreter Attack
5041-WWW anyform attack
5042-WWW CGI Valid Shell Access
5043-WWW Cold Fusion Attack
5044-WWW Webcom.se Guestbook attack
5045-WWW xterm display attack
5046-WWW dumpenv.pl recon
5047-WWW Server Side Include POST attack
5048-WWW IIS BAT EXE attack
5049-WWW IIS showcode.asp access
5050-WWW IIS .htr Overflow Attack
6055-DNS Inverse Query Buffer Overflow
6104-RPC Set Spoof
6105-RPC Unset Spoof
-
Release version 2.2.0.3
4053-Back Orifice
-
Release version 2.2
4002-UDP Flood
-
Release version 2.1.1.6
3109-Long SMTP Command
3229-Website Win-C-Sample Buffer Overflow
3230-Website Uploader
3231-Novell convert
3232-WWW finger attempt
3233-WWW count-cgi Overflow
3525-IMAP Authenticate Buffer Overflow
3526-Imap Login Buffer Overflow
3550-POP Buffer Overflow
3575-INN Buffer Overflow
3576-INN Control Message Exploit
3600-IOS Telnet Buffer Overflow
3601-IOS Command History Exploit
4051-Snork
4052-Chargen DoS
4150-Ascend Denial of Service
6118-RPC ttdb Sweep
6191-RPC.tooltalk buffer overflow
6192-RPC mountd Buffer Overflow
-
Release version 2.1.1.5
3030-TCP SYN Host Sweep
3031-TCP FRAG SYN Host Sweep
3032-TCP FIN Host Sweep
3033-TCP FRAG FIN Host Sweep
3034-TCP NULL Host Sweep
3035-TCP FRAG NULL Host Sweep
3036-TCP SYN FIN Host Sweep
3037-TCP FRAG SYN FIN Host Sweep
3108-MIME Overflow Bug
6110-RPC RSTATD Sweep
6111-RPC RUSERSD Sweep
6112-RPC NFS Sweep
6113-RPC MOUNTD Sweep
6114-RPC YPPASSWDD Sweep
6115-RPC SELECTION_SVC Sweep
6116-RPC REXD Sweep
6117-RPC STATUS Sweep
-
Release version 2.1.1.3
3002-TCP SYN Port Sweep
3003-TCP Frag SYN Port Sweep
3005-TCP FIN Port Sweep
3006-TCP Frag FIN Port Sweep
3010-TCP High Port Sweep
3011-TCP FIN High Port Sweep
3012-TCP Frag FIN High Port Sweep
3015-TCP Null Port Sweep
3016-TCP Frag Null Port Sweep
3020-TCP SYN FIN Port Sweep
3021-TCP Frag SYN FIN Port Sweep
3106-Mail Spam
3107-Majordomo Execute Attack
3221-WWW cgi-viewsource Attack
3222-WWW PHP Log Scripts Read Attack
3223-WWW IRIX cgi-handler Attack
3224-HTTP WebGais
3225-WWW websendmail File Access
3226-WWW Webdist Bug
3227-WWW Htmlscript Bug
3228-WWW Performer Bug
3251-TCP Hijacking Simplex Mode
3400-Sunkill
6180-rexd Attempt
6190-statd Buffer Overflow
-
Release version 2.1.1
1001-IP options-Record Packet Route
1002-IP options-Timestamp
1004-IP options-Loose Source Route
1006-IP options-Strict Source Route
1102-Impossible IP Packet
1103-IP Fragments Overlap
2100-ICMP Network Sweep w/Echo
2101-ICMP Network Sweep w/Timestamp
2102-ICMP Network Sweep w/Address Mask
2150-Fragmented ICMP Traffic
2153-Smurf
3001-TCP Port Sweep
3100-Smail Attack
3101-Sendmail Invalid Recipient
3102-Sendmail Invalid Sender
3103-Sendmail Reconnaissance
3104-Archaic Sendmail Attacks
3105-Sendmail Decode Alias
3150-FTP Remote Command Execution
3151-FTP SYST Command Attempt
3152-FTP CWD ~root
3153-FTP Improper Address Specified
3154-FTP Improper Port Specified
3200-WWW Phf Attack
3202-WWW .url File Requested
3203-WWW .lnk File Requested
3204-WWW .bat File Requested
3205-HTML File Has .url Link
3206-HTML File Has .lnk Link
3207-HTML File Has .bat Link
3208-WWW campas Attack
3209-WWW Glimpse Server Attack
3210-WWW IIS View Source Attack
3211-WWW IIS Hex View Source Attack
3212-WWW NPH-TEST-CGI Attack
3213-WWW TEST-CGI Attack
3214-IIS DOT DOT VIEW Attack
3215-IIS DOT DOT EXECUTE Attack
3216-WWW Directory Traversal ../..
3217-WWW php View File Attack
3218-WWW SGI Wrap Attack
3219-WWW PHP Buffer Overflow
3220-IIS Long URL Crash Bug
3250-TCP Hijack
3300-NetBIOS OOB Data
3303-Windows Guest Login
3305-Windows Password File Access
3306-Windows Registry Access
3307-Windows Redbutton Attack
3401-Telnet-IFS Match
3500-Rlogin -froot Attack
4001-UDP Port Sweep
4100-Tftp Passwd File
6001-Normal SATAN Probe
6002-Heavy SATAN Probe
6050-DNS HINFO Request
6051-DNS Zone Transfer
6052-DNS Zone Transfer from High Port
6053-DNS Request for All Records
6102-RPC Dump
6150-ypserv Portmap Request
6151-ypbind Portmap Request
6152-yppasswdd Portmap Request
6153-ypupdated Portmap Request
6154-ypxfrd Portmap Request
6155-mountd Portmap Request
6175-rexd Portmap Request
6200-Ident Buffer Overflow
6201-Ident Newline
6250-FTP Authorization Failure
6251-Telnet Authorization Failure
6252-Rlogin Authorization Failure
6253-POP3 Authorization Failure
6255-SMB Authorization Failure
6300-Loki ICMP Tunneling
6302-General Loki ICMP Tunneling
8000:2101-FTP Retrieve Password File
8000:2302-Telnet-/etc/shadow Match
8000:2303-Telnet-+ +
8000:51301-Rlogin-IFS Match
8000:51302-Rlogin-/etc/shadow Match
8000:51303-Rlogin-+ +
10000:1000-IP-Spoof Interface 1
10000:1001-IP-Spoof Interface 2
-
Release version 1.0
1100-IP Fragment Attack
1101-Unknown IP Protocol
2000-ICMP Echo Reply
2001-ICMP Host Unreachable
2002-ICMP Source Quench
2003-ICMP Redirect
2004-ICMP Echo Request
2007-ICMP Timestamp Request
2008-ICMP Timestamp Reply
2011-ICMP Address Mask Request
2012-ICMP Address Mask Reply
2151-Large ICMP Traffic
2152-ICMP Flood
2154-Ping of Death Attack
3045-Queso Sweep
3050-Half-open SYN Attack
3160-Cesar FTP Buffer Overflow
3450-Finger Bomb
3602-Cisco IOS Identity
050-UDP Bomb
4600-IOS UDP Bomb
5290-Apache Tomcat DefaultServlet File Disclosure
5315-changedisplay.pl WWWthreads Privilege Elevation
5329-Apache/mod_ssl Worm Probe
5332-Wordtrans-web Command Exec
5381-VPASP SQL injection
6100-RPC Port Registration
6101-RPC Port Unregistration
6103-Proxied RPC Request
11013-Mutella File Request
11202-AOL / ICQ Activity
11203- IRC Channel Join
The following signatures are not associated with any particular
release.
Sections
Comments (0 posted)
Syndication
